Plattform
ivanti
Komponente
ivanti-endpoint-manager
Behoben in
2024 November Security Update or 2022 SU6 November Security Update
CVE-2024-50329 describes a Remote Code Execution (RCE) vulnerability within Ivanti Endpoint Manager. This flaw allows an unauthenticated attacker to execute arbitrary code remotely through a path traversal exploit. The vulnerability impacts versions of Ivanti Endpoint Manager prior to the 2024 November Security Update and 2022 SU6 November Security Update. A security update has been released to address this issue.
The impact of CVE-2024-50329 is significant due to the ease of exploitation and the potential for complete system compromise. An attacker can leverage this vulnerability to gain remote code execution without authentication, effectively taking control of the affected Ivanti Endpoint Manager server. This could lead to data theft, malware deployment, system disruption, and lateral movement within the network. Successful exploitation could allow attackers to access sensitive data managed by the Endpoint Manager, including user credentials, software deployment configurations, and endpoint security policies. The lack of authentication requirements lowers the barrier to entry for attackers, increasing the risk of widespread exploitation.
CVE-2024-50329 was publicly disclosed on November 12, 2024. While no active exploitation campaigns have been publicly confirmed, the ease of exploitation and the potential impact make it a high-priority vulnerability. The vulnerability is not currently listed on CISA KEV, but its severity warrants close monitoring. Public proof-of-concept exploits are likely to emerge, increasing the risk of widespread exploitation.
Organizations heavily reliant on Ivanti Endpoint Manager for endpoint management are particularly at risk. This includes those with legacy deployments using older, unsupported versions of the software. Shared hosting environments where multiple customers share the same Ivanti Endpoint Manager instance are also vulnerable, as a compromise of one customer's environment could potentially impact others.
• windows / supply-chain:
Get-ScheduledTask | Where-Object {$_.TaskName -like '*Ivanti*'} | Select-Object TaskName, State• linux / server:
journalctl -u ivanti-endpoint-manager -f• generic web:
curl -I https://<ivanti_endpoint_manager_server>/<malicious_path_traversal_request>disclosure
Exploit-Status
EPSS
19.62% (95% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2024-50329 is to immediately upgrade Ivanti Endpoint Manager to the 2024 November Security Update or the 2022 SU6 November Security Update. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting network access to the Endpoint Manager server and closely monitoring system logs for suspicious activity. While a WAF might offer some protection, it's unlikely to be effective against this type of path traversal vulnerability. After applying the upgrade, verify the fix by attempting to reproduce the vulnerability using the documented exploit steps, ensuring that the path traversal is no longer successful.
Actualice Ivanti Endpoint Manager a la versión 2024 November Security Update o 2022 SU6 November Security Update, o una versión posterior. Esto solucionará la vulnerabilidad de path traversal y evitará la ejecución remota de código.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2024-50329 is a Remote Code Execution vulnerability in Ivanti Endpoint Manager allowing unauthenticated attackers to execute code remotely via path traversal.
You are affected if you are running Ivanti Endpoint Manager versions prior to the 2024 November Security Update or 2022 SU6 November Security Update.
Upgrade to the 2024 November Security Update or 2022 SU6 November Security Update. If immediate upgrade is not possible, implement temporary network restrictions.
While active exploitation is not yet confirmed, the vulnerability's severity and ease of exploitation suggest a high probability of exploitation.
Refer to the official Ivanti security advisory for detailed information and mitigation steps: [https://www.ivanti.com/support/kb/security-advisories/CVE-2024-50329.html](https://www.ivanti.com/support/kb/security-advisories/CVE-2024-50329.html)
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.