Platform
ivanti
Component
ivanti-endpoint-manager
Fixed in
2024 November Security Update or 2022 SU6 November Security Update
CVE-2024-50329 describes a Remote Code Execution (RCE) vulnerability within Ivanti Endpoint Manager. This flaw allows an unauthenticated attacker to execute arbitrary code remotely through a path traversal exploit. The vulnerability impacts versions of Ivanti Endpoint Manager prior to the 2024 November Security Update and 2022 SU6 November Security Update. A security update has been released to address this issue.
Successful exploitation of CVE-2024-50329 grants an attacker complete control over the affected Ivanti Endpoint Manager server. This includes the ability to install malware, steal sensitive data, modify system configurations, and potentially pivot to other systems within the network. Given that Ivanti Endpoint Manager is often used to manage and control endpoints, a compromised server could be leveraged to compromise a large number of client machines. The unauthenticated nature of the exploit significantly broadens the attack surface, as no user credentials are required for exploitation. This vulnerability shares similarities with other path traversal exploits where attackers manipulate file paths to access unauthorized resources.
CVE-2024-50329 was publicly disclosed on November 12, 2024. The vulnerability's ease of exploitation and the widespread use of Ivanti Endpoint Manager suggest a high probability of exploitation. It is not currently listed on CISA KEV, but its severity warrants close monitoring. Public proof-of-concept exploits are likely to emerge, increasing the risk of widespread exploitation.
Exploit Status
EPSS
19.62% (95% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-50329 is to immediately upgrade to the 2024 November Security Update or 2022 SU6 November Security Update. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting network access to the Ivanti Endpoint Manager server and carefully reviewing file upload and download processes. While a WAF might offer some protection, it's unlikely to be effective against a path traversal vulnerability without specific rules tailored to the Ivanti Endpoint Manager application. After upgrading, verify the fix by attempting to trigger the path traversal vulnerability using known exploit techniques and confirming that access is denied.
Update Ivanti Endpoint Manager to the 2024 November Security Update or 2022 SU6 November Security Update, or a later version. This will resolve the path traversal vulnerability and prevent remote code execution.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-50329 is a Remote Code Execution vulnerability in Ivanti Endpoint Manager allowing unauthenticated attackers to execute code remotely via path traversal.
You are affected if you are running Ivanti Endpoint Manager versions prior to the 2024 November Security Update or 2022 SU6 November Security Update.
Upgrade to the 2024 November Security Update or 2022 SU6 November Security Update. If immediate upgrade is not possible, implement temporary network restrictions.
While active exploitation is not yet confirmed, the vulnerability's severity and ease of exploitation suggest a high probability of exploitation.
Refer to the official Ivanti security advisory for detailed information and mitigation steps: [https://www.ivanti.com/support/kb/security-advisories/CVE-2024-50329.html](https://www.ivanti.com/support/kb/security-advisories/CVE-2024-50329.html)
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.