Ivanti EPM: deserialization of untrusted data (CVE-2024-29847) #shorts #breaking

CVE

This CVE, labeled CVE-2024-29847, addresses a security issue concerning the deserialization of untrusted data within the agent portal of Ivanti Endpoint Manager. Specifically, this vulnerability affects versions prior to the 2022 SU6 update and the 2024 September Security Update. The flaw enables remote, unauthenticated attackers to execute malicious code on a targeted system, potentially compromising its security. Despite being a recently discovered vulnerability, there have been no reported specific attacks exploiting this flaw yet. However, the risky nature of unauthorized remote code execution presents significant concerns for all users of Ivanti Endpoint Manager.

Watch the full video on YouTube: CVE-2024-29847

Remediation and exploitation details

This chain involves the following actors

This following systems are involved

Attack entry point

Remediation actions

Exploitation actions

Related Content

NOTE: The following related content has not been vetted and may be unsafe.

CVE database technical details

CVE ID
CVE-2024-29847
Description
Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
Provider
hackerone
CWE / problem types
Affected Software Versions
Ivanti:EPM:[{'version': '2024 September Security Update', 'status': 'affected', 'lessThan': '2024 September Security Update', 'versionType': 'custom'}, {'version': '2022 SU6', 'status': 'affected', 'lessThan': '2022 SU6', 'versionType': 'custom'}]
Date Published
2024-09-12T01:09:56.277Z
Last Updated
2024-09-17T03:55:12.223Z