Multiple critical SQL injection vulnerabilities have been discovered in Ivanti Endpoint Manager, posing severe security risks to affected systems. These vulnerabilities could enable malicious actors to perform unauthorized actions, including initiating Denial of Service attacks and executing arbitrary code. Among the vulnerabilities, one was identified in Ivanti Neurons for ITSM, while the rest were found in Ivanti Endpoint Manager (EPM). The severity of these vulnerabilities ranges from 8.4 (High) to 9.6 (Critical), indicating a significant threat to system integrity.
According to the advisory, there are 11 specific SQL injection vulnerabilities, each assigned a unique CVE identifier. Six of these vulnerabilities have been rated with a critical severity score of 9.6, specifically CVE-2024-22059, CVE-2024-29822, CVE-2024-29823, CVE-2024-29824, CVE-2024-29825, and CVE-2024-29826. These critical vulnerabilities are due to unspecified SQL injection flaws in the Core server of Ivanti EPM 2022 SU5 and prior versions, allowing unauthenticated attackers on the same network to execute arbitrary code on vulnerable instances.
The other five vulnerabilities, rated with a high severity score of 8.4, include CVE-2024-29827 through CVE-2024-29830 and CVE-2024-29846. These also stem from unspecified SQL injection flaws but require authentication, enabling authenticated attackers on the same network to execute arbitrary code on the vulnerable systems. This broad range of vulnerabilities underscores the urgent need for users to update their software.
To mitigate these threats, users of Ivanti Endpoint Manager are strongly advised to upgrade to the latest versions immediately. Keeping all systems up to date with the latest patches is crucial to prevent threat actors from exploiting these SQL injection vulnerabilities. This incident highlights the importance of regular security assessments and prompt application of patches to maintain robust cybersecurity defenses.