
Description

This analytic story covers vulnerabilities identified in Ivanti Endpoint Manager (EPM), including but not limited to SQL injection, remote code execution, and privilege escalation. Adversaries who exploit them can gain unauthorized access to the EPM server, execute arbitrary code on it, and from there compromise the endpoints it manages.

  • Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Cloud
  • Datamodel: Web
  • Last Updated: 2024-06-18
  • Author: Michael Haag, Splunk
  • ID: 4dcadae4-df82-42f3-9e77-4d852d20ac78

Narrative

Ivanti Endpoint Manager (EPM) is a comprehensive solution for managing and securing enterprise endpoints. Like any complex software, it is not immune to vulnerabilities. This story aggregates multiple CVEs affecting Ivanti EPM and groups them by weakness class: SQL injection, remote code execution, and privilege escalation. Because the EPM server holds management privileges over every enrolled device, a compromise of the server is a compromise of the fleet; monitoring for exploitation attempts against it lets organizations detect attacks early and preserve the integrity of their managed devices.

Detections

  • Name: Ivanti EPM SQL Injection Remote Code Execution
  • Technique: Exploit Public-Facing Application
  • Type: TTP
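The page lists the detection by name only and does not reproduce its search. As an added illustration of what a "SQL injection against a public-facing application" detection over web access logs looks like (example code written for this page, not Splunk's detection and not Ivanti code), the script below parses constructed IIS/W3C-style log lines, URL-decodes each request up to twice to catch double-encoded payloads, scores SQL injection indicators with weights chosen so that a lone apostrophe in ordinary input does not fire, and tallies alerts per source. The log lines, paths, IPs, indicator list, weights and threshold are all assumptions made for the example; in Splunk the same logic would run over the Web datamodel fields (url, src, status) rather than a text file.

```python
"""Flag SQL-injection-style requests in web access logs.

Added example for this analytic story. It is not the Splunk detection's
search and not Ivanti code; the log format, paths, hosts and IPs below
are constructed for illustration.
"""
import re
from typing import Optional
from urllib.parse import unquote_plus

# Constructed IIS/W3C-style lines: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status.
# Lines 3, 4 and 7 carry injection payloads; line 6 is benign input with an apostrophe.
SAMPLE_LOGS = """\
2024-06-18 10:00:01 10.0.0.5 POST /epm/api/status - 200
2024-06-18 10:00:02 10.0.0.5 GET /epm/console/login.aspx ReturnUrl=%2fepm 200
2024-06-18 10:00:07 198.51.100.23 GET /epm/api/status id=1%27%20OR%201%3d1-- 500
2024-06-18 10:00:09 198.51.100.23 GET /epm/api/status id=1%27%3bEXEC%20xp_cmdshell%20%27whoami%27-- 200
2024-06-18 10:00:12 10.0.0.9 GET /epm/api/status id=42 200
2024-06-18 10:00:15 203.0.113.8 GET /epm/api/search q=it%27s%20broken 200
2024-06-18 10:00:21 203.0.113.8 GET /epm/api/status id=1%2527%2520UNION%2520SELECT%25201%252c2-- 200
"""

# (name, pattern, weight). Weights are an assumption for this example: a bare
# quote is weak evidence, MSSQL command-execution procedures are strong evidence.
INDICATORS = [
    ("sql_comment", re.compile(r"--|/\*"), 2),
    ("tautology", re.compile(r"\b(or|and)\b\s+\d+\s*=\s*\d+", re.I), 3),
    ("union_select", re.compile(r"\bunion\b.*\bselect\b", re.I), 3),
    ("stacked_exec", re.compile(r";\s*(exec|execute)\b", re.I), 3),
    ("mssql_cmd", re.compile(r"\b(xp_cmdshell|sp_oacreate|xp_regwrite)\b", re.I), 4),
    ("quote", re.compile(r"'"), 1),
]
ALERT_THRESHOLD = 3  # assumption: tuned so line 6 above stays quiet


def decode_twice(value: str) -> str:
    """Undo up to two layers of URL encoding; attackers double-encode to dodge filters."""
    for _ in range(2):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def parse_log_line(line: str) -> Optional[dict]:
    """Split one W3C-style line into fields; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 7:
        return None
    date, time, src_ip, method, stem, query, status = parts
    return {
        "time": f"{date} {time}",
        "src_ip": src_ip,
        "method": method,
        "uri_path": stem,
        "uri_query": "" if query == "-" else query,
        "status": int(status),
    }


def sqli_indicators(text: str):
    """Return (matched indicator names, total weight) for an already-decoded request."""
    hits, score = [], 0
    for name, pattern, weight in INDICATORS:
        if pattern.search(text):
            hits.append(name)
            score += weight
    return hits, score


def detect(log_text: str) -> list:
    """Return the requests whose decoded path+query scores at or above ALERT_THRESHOLD."""
    alerts = []
    for line in log_text.splitlines():
        event = parse_log_line(line)
        if event is None:
            continue
        probe = decode_twice(event["uri_path"] + "?" + event["uri_query"])
        hits, score = sqli_indicators(probe)
        if score >= ALERT_THRESHOLD:
            alerts.append({**event, "decoded": probe, "indicators": hits, "score": score})
    return alerts


def sources_by_alert_count(alerts: list) -> dict:
    """Aggregate alerts per source IP, the field an analyst pivots on first."""
    counts = {}
    for alert in alerts:
        counts[alert["src_ip"]] = counts.get(alert["src_ip"], 0) + 1
    return counts


if __name__ == "__main__":
    found = detect(SAMPLE_LOGS)
    for alert in found:
        print(f'{alert["time"]} {alert["src_ip"]} score={alert["score"]} '
              f'{alert["indicators"]} {alert["decoded"]}')
    print("alerts per source:", sources_by_alert_count(found))
```

Two practitioner caveats the toy keeps in view: decode before matching (the third sample line only reveals `UNION SELECT` after a second decode), and weight evidence rather than alerting on a single quote, or the detection drowns in false positives from ordinary user input. A server-side 500 on an injected request, as in the first flagged line, is corroborating evidence worth keeping in the alert.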

Reference

source | version: 1