Read Time:1 Minute, 30 Second
Ivanti has released security updates for its Endpoint Manager (EPM) 2024 and 2022 SU6 versions to address multiple severe and critical vulnerabilities that could lead to unauthorized access to the EPM core server.
Affected Versions and Vulnerabilities:
- EPM 2024: Requires both July and September security patches.
- EPM 2022 SU5 and earlier: Upgrade to 2022 SU6 for full protection.
The key vulnerabilities include: - CVE-2024-37397: XXE vulnerability allowing remote attackers to leak API secrets.
- CVE-2024-8191: SQL injection vulnerability in the management console leading to remote code execution.
- Multiple SQL Injection Flaws: Allow remote authenticated attackers to achieve remote code execution.
- CVE-2024-8320 & CVE-2024-8321: Missing authentication in Network Isolation, allowing attackers to spoof device status or isolate devices.
- CVE-2024-29847: Deserialization vulnerability in the agent portal, enabling remote code execution.
Patching Instructions: - For EPM 2024: Apply the security hot patch after installing the July 2024 patch.
- For EPM 2022: Upgrade to SU6 for comprehensive protection.
The necessary patch files can be downloaded from Ivanti’s support website.
Impact and Recommendations:
These vulnerabilities pose a significant risk to organizations using Ivanti Endpoint Manager. Immediate patching is recommended to prevent attackers from exploiting these flaws. It is also crucial to implement additional security measures such as strong passwords, network segmentation, and regular software updates.
Additional Tips: - Implement least privilege principles for user accounts.
- Regularly monitor systems for unauthorized activity.
- Consider employing a web application firewall (WAF) to block malicious traffic.
- Educate users about the importance of cybersecurity best practices.
Conclusion:
Ivanti Endpoint Manager is a widely used tool for endpoint management. These recently patched vulnerabilities highlight the importance of staying up-to-date with security updates and implementing proactive cybersecurity measures. Organizations should prioritize this patch to protect their IT infrastructure from potential threats.