Platform: ivanti
Component: ivanti-endpoint-manager
Fixed in: 2024 November Security Update
CVE-2024-50324 describes a Path Traversal vulnerability discovered in Ivanti Endpoint Manager. This flaw allows a remote, authenticated attacker with administrative privileges to execute arbitrary code on the affected system. The vulnerability impacts versions of Ivanti Endpoint Manager prior to the 2024 November Security Update and 2022 SU6 November Security Update. Applying the specified security update resolves the issue.
Successful exploitation of CVE-2024-50324 grants an attacker the ability to execute arbitrary code on the Ivanti Endpoint Manager server. This could lead to complete system compromise, allowing the attacker to steal sensitive data, install malware, or pivot to other systems within the network. Given the administrative privileges required, an attacker who gains access could potentially control the entire endpoint management infrastructure, impacting all managed devices. The potential blast radius is significant, particularly in organizations heavily reliant on Ivanti Endpoint Manager for device management and security.
CVE-2024-50324 was publicly disclosed on November 12, 2024. While no public proof-of-concept (PoC) code has been released, the Path Traversal nature of the vulnerability makes it likely that exploits will emerge. The vulnerability's impact and the requirement for administrative privileges suggest a medium probability of exploitation. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS: 84.59% (99th percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2024-50324 is to upgrade immediately to the 2024 November Security Update or the 2022 SU6 November Security Update. If upgrading is not immediately feasible, implement network segmentation to limit an attacker's lateral movement, restrict access to the Ivanti Endpoint Manager console to authorized administrators only, enforce strict authentication and authorization controls, and review and audit existing user accounts and permissions. After upgrading, verify the fix by attempting to access restricted files through the Endpoint Manager interface; the access should be denied.
Update Ivanti Endpoint Manager to the 2024 November Security Update or 2022 SU6 November Security Update, or a later version. This will correct the path traversal vulnerability and prevent remote code execution.
CVE-2024-50324 is a Path Traversal vulnerability in Ivanti Endpoint Manager allowing remote code execution by authenticated admins before the 2024 November Security Update or 2022 SU6 November Security Update.
You are affected if you are running Ivanti Endpoint Manager versions prior to the 2024 November Security Update or 2022 SU6 November Security Update and have authenticated administrators.
Upgrade to the 2024 November Security Update or 2022 SU6 November Security Update. Implement network segmentation and restrict admin access as temporary mitigations.
While no public exploits are currently available, the vulnerability's nature suggests a potential for exploitation, and monitoring is recommended.
Refer to the official Ivanti security advisory for detailed information and updates: [https://www.ivanti.com/support/security-advisories/](https://www.ivanti.com/support/security-advisories/)