Plattform
windows
Komponente
ivanti-endpoint-manager
Behoben in
2024 November Security Update
CVE-2024-50322 describes a Path Traversal vulnerability discovered in Ivanti Endpoint Manager. This flaw allows a local, unauthenticated attacker to potentially execute arbitrary code on the system. The vulnerability impacts versions of Ivanti Endpoint Manager prior to the 2024 November Security Update and 2022 SU6 November Security Update. Applying the specified security update resolves the issue.
The impact of this vulnerability is significant due to the potential for code execution. A successful attacker, already possessing local access, can leverage this flaw to bypass security controls and execute malicious code. This could lead to complete system compromise, data theft, or the installation of persistent malware. The requirement for user interaction means the attacker needs to trick a user into triggering the vulnerability, but the potential consequences are severe. Given Endpoint Manager's role in managing endpoints, a successful exploit could allow an attacker to propagate malware across a network.
CVE-2024-50322 was publicly disclosed on November 12, 2024. The vulnerability's exploitation probability is currently assessed as medium due to the requirement for local access and user interaction. No public proof-of-concept (PoC) code has been released as of this writing, but the relatively straightforward nature of path traversal vulnerabilities suggests that a PoC may emerge. Monitor security advisories and threat intelligence feeds for updates.
Organizations heavily reliant on Ivanti Endpoint Manager for software deployment and patch management are particularly at risk. Environments with limited access controls or inadequate user training are also more vulnerable. Shared hosting environments where multiple users have access to the Endpoint Manager server should be prioritized for remediation.
• windows / supply-chain:
Get-WinEvent -LogName Application -Filter "EventID = 4688 -MessageText '*\*\*'" | Get-WinEvent | Format-List -Property * # Look for file access attempts with path traversal characters• windows / supply-chain:
Get-Process | Where-Object {$_.Path -match '\\'} | Format-List -Property Name, Path # Identify processes with unusual paths• windows / supply-chain:
Get-ScheduledTask | Where-Object {$_.Actions.Path -match '\\'} | Format-List -Property TaskName, Actions.Path # Check scheduled tasks for suspicious pathsdisclosure
Exploit-Status
EPSS
14.37% (94% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2024-50322 is to immediately upgrade to the 2024 November Security Update or 2022 SU6 November Security Update. If upgrading is not immediately feasible, consider restricting local access to the Endpoint Manager server and implementing strict user access controls. While a direct workaround is unavailable, monitoring system logs for unusual file access patterns could provide early detection. After upgrade, confirm the vulnerability is resolved by attempting to trigger the path traversal sequence and verifying that access is denied.
Actualice Ivanti Endpoint Manager a la versión 2024 November Security Update o 2022 SU6 November Security Update para corregir la vulnerabilidad de path traversal. Esta actualización soluciona el problema que permite la ejecución de código por un atacante local no autenticado. La interacción del usuario es necesaria para explotar la vulnerabilidad.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2024-50322 is a Path Traversal vulnerability in Ivanti Endpoint Manager allowing local, unauthenticated attackers to potentially execute code. It has a CVSS score of 7.8 (HIGH).
You are affected if you are running Ivanti Endpoint Manager versions prior to the 2024 November Security Update or 2022 SU6 November Security Update. Check your version against the fixed versions.
Upgrade to the 2024 November Security Update or 2022 SU6 November Security Update. If immediate patching isn't possible, restrict local access and enhance user awareness.
While no public exploits are currently available, the vulnerability's ease of exploitation makes it a potential target. Monitor your systems for suspicious activity.
Refer to the official Ivanti Security Advisory for detailed information and remediation steps: [https://www.ivanti.com/support/security-advisories/](https://www.ivanti.com/support/security-advisories/)
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.