Vulnerability Management, Patch/Configuration Management, Endpoint/Device Security

Maximum severity Ivanti EPM flaw patched

Security breach, system hacked alert with red broken padlock icon showing unsecure data under cyberattack, vulnerable access, compromised password, virus infection, internet network with binary code

Fixes have been issued by Ivanti for a maximum severity flaw impacting its Endpoint Management software, tracked as CVE-2024-29847, which could be leveraged to facilitate remote code execution in and compromise of the EPM core server, BleepingComputer reports.

No active exploitation of the vulnerability, which stemmed from the agent portal's untrusted data serialization issue, has been observed so far, according to Ivanti, which also patched nearly two dozen other critical and high-severity bugs in EPM, Cloud Service Appliance, and Workspace Control. Ivanti has also touted the implementation of more robust internal scanning, testing, and manual exploitation capabilities to accelerate vulnerability remediation efforts following the recent comprehensive exploitation of zero-days affecting its products. "This has caused a spike in discovery and disclosure, and we agree with CISA's statement that the responsible discovery and disclosure of CVEs is 'a sign of healthy code analysis and testing community," added Ivanti.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds