CVE-2024-29824 Scanner - Remote Code Execution (RCE) vulnerability in Ivanti EPM
Short Info
Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 20 days 7 hours
Scan only one: Domain, IPv4
Toolbox: -
Ivanti Endpoint Manager (EPM) is widely used for managing and securing desktops, laptops, and other devices within an organization. It is utilized by IT departments and systems administrators to deploy software, maintain device health, and enforce security policies. Companies across various industries rely on Ivanti EPM to ensure their network and devices are up-to-date and secure. The software provides automation and device management capabilities, making it a central tool in IT infrastructures. Being a critical component of enterprise networks, any vulnerabilities within Ivanti EPM can impact the overall security posture of the organization. Consequently, maintaining its security is vital for protecting sensitive data and ensuring business continuity.
This vulnerability allows an attacker to execute arbitrary code on the underlying server, potentially leading to complete system compromise. The issue arises from inadequate input validation in the application's handling of SQL queries. By exploiting it, a remote attacker can execute unauthorized commands in the context of the application's server. This weakness particularly affects environments where the application is exposed to or reachable from untrusted networks. Addressing this vulnerability is crucial because of its critical severity and the high impact of a successful exploit.
The vulnerability is an SQL injection bug in the Core server of Ivanti EPM versions 2022 SU5 and earlier. Attackers can exploit it by sending crafted requests containing malicious SQL payloads to specific endpoints, such as EventHandler.asmx. These requests manipulate the database queries and allow attackers to execute system commands. The vulnerability requires network adjacency, meaning attackers need to be within the same network to exploit it. Successful exploitation is confirmed by achieving a DNS callback via 'xp_cmdshell' command execution.
If exploited, this vulnerability can lead to unauthorized access to sensitive data, system disruption, and the installation of malicious software. The attacker may gain the ability to compromise the server and pivot to additional targets within the network. Compromised systems could be used to launch further attacks, increasing the risk of data breaches and operational downtime. The integrity and confidentiality of enterprise data could be severely impacted, risking financial losses and damage to organizational reputation.
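An added example, not part of the original page or of the scanner's own code: a review of the Core server's IIS W3C logs that lists clients outside the expected agent subnets that sent POST requests to EventHandler.asmx. The log lines, the subnet allow-list and the `/placeholder/` URI prefix are constructed assumptions, and so is the premise that legitimate callers sit in known subnets.

```python
import ipaddress
from collections import Counter

# Constructed IIS W3C log excerpt (not real traffic). Addresses are private
# ranges and the "/placeholder/" URI prefix stands in for the real path.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2024-06-01 09:00:01 10.0.0.5 POST /placeholder/EventHandler.asmx - 443 - 10.0.20.14 agent 200
2024-06-01 09:00:07 10.0.0.5 GET /placeholder/index.html - 443 - 10.0.20.15 Mozilla/5.0 200
2024-06-01 09:02:11 10.0.0.5 POST /placeholder/EventHandler.asmx - 443 - 10.0.99.7 python-requests 500
2024-06-01 09:02:12 10.0.0.5 POST /placeholder/eventhandler.asmx - 443 - 10.0.99.7 python-requests 200
"""

# Assumption: subnets where managed agents are expected to live.
EXPECTED_NETS = [ipaddress.ip_network("10.0.20.0/24")]
ENDPOINT_SUFFIX = "/eventhandler.asmx"  # compared case-insensitively


def iter_records(log_text):
    """Yield one dict per request, honouring the #Fields directive."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))


def unexpected_callers(log_text, expected_nets=EXPECTED_NETS):
    """Count POSTs to EventHandler.asmx per client outside expected_nets."""
    hits = Counter()
    for rec in iter_records(log_text):
        if rec.get("cs-method") != "POST":
            continue
        if not rec.get("cs-uri-stem", "").lower().endswith(ENDPOINT_SUFFIX):
            continue
        try:
            client = ipaddress.ip_address(rec["c-ip"])
        except (KeyError, ValueError):
            continue  # missing or malformed client address
        if not any(client in net for net in expected_nets):
            hits[str(client)] += 1
    return dict(hits)


if __name__ == "__main__":
    for ip, count in unexpected_callers(SAMPLE_LOG).items():
        print(f"review: {ip} sent {count} POST(s) to EventHandler.asmx")
```

A hit is a lead for review rather than proof of exploitation; correlate it with SQL Server records of 'xp_cmdshell' use and with DNS logs from the Core server.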