Ivanti EPM: deserialization of untrusted data (CVE-2024-29847)
CVE-2024-29847 is a deserialization of untrusted data vulnerability in the agent portal of Ivanti Endpoint Manager (EPM). It affects versions prior to the 2022 SU6 update and the 2024 September Security Update. The flaw allows a remote, unauthenticated attacker to execute malicious code on a targeted system, potentially compromising its security. Although the vulnerability was recently discovered, no specific attacks exploiting it have been reported yet. However, unauthenticated remote code execution is a significant concern for all users of Ivanti Endpoint Manager.