Risk rating 9.8

Ivanti Endpoint Manager affected by critical vulnerability


A critical vulnerability in Ivanti’s endpoint management solution has alarmed security researchers.

The vulnerability with the identifier CVE-2024-29824 was originally discovered by an independent researcher and sold to Trend Micro’s Zero Day Initiative (ZDI). ZDI subsequently informed the software manufacturer Ivanti about the discovery on April 3.


The vulnerability is an SQL injection flaw in the company’s central endpoint management software. It allows unauthenticated attackers to execute code remotely on the managed devices. Due to the critical risk, the flaw received the highest possible risk rating of 9.8 out of 10 possible points.

“Endpoint Manager usually runs with elevated privileges, so it can be used to take over an Ivanti system completely,” warns Dustin Childs, head of threat analysis at ZDI. “From there, attackers would be able to access all other systems and exploit the Manager’s functions.”

The security company Horizon3.ai analyzed the bug in more detail and made a PoC exploit available on GitHub. According to the report, the vulnerability lies in a function called “RecordGoodApp” within a DLL file. Here, user input is not sufficiently validated before it is used to build SQL queries. A simple exploit attempt was enough to execute the Windows Notepad app on a target system.

Ivanti itself has now released a patch for the critical vulnerability. Experts urgently recommend installing the update as soon as possible.
