CVE-2024-29824, an unauthenticated SQL Injection vulnerability in Ivanti Endpoint Manager (EPM) appliances, is being exploited by attackers, the Cybersecurity and Infrastructure Security Agency has confirmed by adding the bug to its Known Exploited Vulnerabilities catalog. They all affect the core server of Ivanti EPM 2022 SU5 and prior versions, can lead to code execution in the context of the service account, and all have been fixed through a security hot patch. At an (unclear) date that came after the intial release of its advisory, Ivanti has made changes to the patch and urged users to update some of the files or implement the new patch if they haven’t previously done so. The patch provided by Ivanti is implemented by replacing five DLL files from the core server with five others (with the same name) contained in the patch. Ivanti did the same by updating the relevant security advisory to say that they are aware of a limited number of customers who have been exploited. CVE-2024-29824, reported by an anonymous researcher via the Zero Day Initiative program, is one of the ten SQL injection vulnerabilities Ivanti has released a fix for in May 2024. ZDI’s advisory described CVE-2024-29824 as a flaw that exists within the implementation of the RecordGoodApp method and is due to the lack of proper validation of a user-supplied string before using it to construct SQL queries. The process has to be concluded by either restarting the core server or closing the EPM console and running IISRESET (a command for restarting IIS services), so that the new DLL files are loaded. The addition of CVE-2024-29824 to the KEV catalog means that all US federal civilian executive branch agencies must remediate it by October 23, 2024.
This Cyber News was published on www.helpnetsecurity.com. Publication date: Thu, 03 Oct 2024 15:43:06 +0000