A critical security vulnerability has been discovered in Ivanti Endpoint Manager, a widely used IT management software.
The vulnerability, CVE-2024-29847, allows remote code execution through deserialization of untrusted data. This flaw poses a significant risk to organizations relying on Ivanti’s endpoint management and security solutions.
CVE-2024-29847 affects the AgentPortal component of Ivanti Endpoint Manager. The vulnerability stems from improper handling of serialized data, allowing attackers to execute arbitrary code remotely.
This can lead to unauthorized access, data breaches, and further exploitation within affected networks. A proof-of-concept (PoC) exploit has been released, demonstrating the ease with which this vulnerability can be exploited.
The PoC highlights the flaw’s critical nature and underscores the urgency of organizations addressing this issue promptly.
The PoC exploit for CVE-2024-29847 is executed using a specific command:
CVE-2024-29847.exe --uselease --installdir "C:\Program Files\LANDesk\ManagementSuite\LANDesk\ManagementSuite\Core\Core.Webservices" tcp://192.168.0.200:49669/LDSM exec test
This command targets the vulnerable component and executes a test command, showcasing how an attacker can leverage this vulnerability to gain control over the affected system.
Ivanti has responded swiftly to this security threat by releasing updates and providing guidance on mitigating the risk associated with CVE-2024-29847 by GitHub.
Organizations are strongly advised to update their Ivanti Endpoint Manager installations to the latest version immediately. For those unable to update immediately, Ivanti recommends implementing specific configuration changes to minimize exposure until a full update can be applied.
This analysis provides in-depth insights into how the vulnerability was discovered and exploited, offering valuable information for security professionals seeking to understand and mitigate similar threats in their environments.
The discovery of CVE-2024-29847 highlights the ongoing challenges in securing complex IT management systems.
Organizations using Ivanti Endpoint Manager must act quickly to protect their networks from potential exploitation. Staying informed about vulnerabilities and applying timely updates are crucial to maintaining robust cybersecurity defenses.