Platform
ivanti
Component
ivanti-endpoint-manager
Fixed in
2024 November Security Update
CVE-2024-50324 describes a Path Traversal vulnerability discovered in Ivanti Endpoint Manager. This flaw allows a remote, authenticated attacker with administrative privileges to execute arbitrary code on the affected system. The vulnerability impacts versions of Ivanti Endpoint Manager prior to the 2024 November Security Update and 2022 SU6 November Security Update. Applying the specified security update resolves the issue.
Successful exploitation of CVE-2024-50324 grants an attacker the ability to execute arbitrary code on the Ivanti Endpoint Manager server. This could lead to complete system compromise, allowing the attacker to steal sensitive data, install malware, or pivot to other systems within the network. Given the administrative privileges required, an attacker who gains access could potentially control the entire endpoint management infrastructure, impacting all managed devices. The potential blast radius is significant, particularly in organizations heavily reliant on Ivanti Endpoint Manager for device management and security.
CVE-2024-50324 was publicly disclosed on November 12, 2024. While no public proof-of-concept (PoC) code has been released, the Path Traversal nature of the vulnerability makes it likely that exploits will emerge. The vulnerability's impact and the requirement for administrative privileges suggest a medium probability of exploitation. It is not currently listed on the CISA KEV catalog.
Organizations heavily reliant on Ivanti Endpoint Manager for managing a large number of endpoints are particularly at risk. This includes organizations with legacy Ivanti Endpoint Manager deployments that have not been regularly updated. Shared hosting environments where multiple customers share the same Ivanti Endpoint Manager instance are also vulnerable, as a compromise of one customer's account could potentially impact others.
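• windows / supply-chain:
# Failed logons (event 4625) that mention Ivanti Endpoint Manager and whose first property contains a backslash
Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625} | Where-Object {$_.Message -match 'Ivanti Endpoint Manager' -and $_.Properties[0].Value -match '\\'}
• windows / supply-chain:
# Scheduled tasks whose name references Ivanti Endpoint Manager
Get-ScheduledTask | Where-Object {$_.TaskName -match 'Ivanti Endpoint Manager'}
• windows / supply-chain:
# Query the UnauthorizedAccess value under the Endpoint Manager registry key
reg query "HKLM\Software\Ivanti\Endpoint Manager" /v UnauthorizedAccess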
Exploit status
EPSS
84.59% (99th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-50324 is to immediately upgrade to the 2024 November Security Update or 2022 SU6 November Security Update. If upgrading is not immediately feasible, consider implementing network segmentation to limit the attacker's potential lateral movement. Restrict access to the Ivanti Endpoint Manager console to only authorized administrators. Implement strict authentication and authorization controls. Review and audit existing user accounts and permissions. After upgrading, verify the fix by attempting to access restricted files via the Endpoint Manager interface – access should be denied.
Update Ivanti Endpoint Manager to the 2024 November Security Update or 2022 SU6 November Security Update, or a later version. This fixes the path traversal vulnerability and prevents remote code execution.
CVE-2024-50324 is a Path Traversal vulnerability in Ivanti Endpoint Manager allowing remote code execution by authenticated admins before the 2024 November Security Update or 2022 SU6 November Security Update.
You are affected if you are running Ivanti Endpoint Manager versions prior to the 2024 November Security Update or 2022 SU6 November Security Update and have authenticated administrators.
Upgrade to the 2024 November Security Update or 2022 SU6 November Security Update. Implement network segmentation and restrict admin access as temporary mitigations.
While no public exploits are currently available, the vulnerability's nature suggests a potential for exploitation, and monitoring is recommended.
Refer to the official Ivanti security advisory for detailed information and updates: [https://www.ivanti.com/support/security-advisories/](https://www.ivanti.com/support/security-advisories/)