Ivanti has issued security updates for its Endpoint Manager (EPM) 2024 and 2022 SU6 versions, addressing several critical and high-severity vulnerabilities that could lead to unauthorized access to the EPM core server.
Ivanti Endpoint Manager (formerly known as LANDesk) is a comprehensive system management solution designed to help organizations manage, secure, and optimize their IT infrastructure.
It provides tools for managing endpoints such as desktops, laptops, servers, and mobile devices, whether they are in the office or remote.
The vulnerabilities affect the following versions of Ivanti Endpoint Manager:
- Ivanti Endpoint Manager 2024: Requires both the July and September security patches.
- Ivanti Endpoint Manager 2022 SU5 and earlier: Users are advised to upgrade to 2022 SU6.
Key Vulnerabilities:
- CVE-2024-37397: An XML External Entity (XXE) vulnerability in the provisioning web service. This flaw could allow remote unauthenticated attackers to leak API secrets.
- CVE-2024-8191: A SQL injection vulnerability in the management console. Exploitation could lead to remote code execution.
- Multiple SQL Injection Flaws: Several critical SQL injection vulnerabilities (CVE-2024-32840 through CVE-2024-34785) allow remote authenticated attackers with admin privileges to achieve remote code execution.
- CVE-2024-8320 & CVE-2024-8321: Missing authentication vulnerabilities in Network Isolation, potentially allowing unauthorized attackers to spoof device status or isolate devices from the network.
- CVE-2024-29847: A critical deserialization of untrusted data vulnerability in the agent portal, which could allow remote unauthenticated attackers to execute code.
Patch The Vulnerabilities
For EPM 2024, users can apply a security hot patch, provided they have installed the July 2024 patch. The necessary files, such as LANDesk.AlertManager.Business.dll and PatchBiz.dll, can be deployed using PowerShell. A reboot is required post-installation. EPM 2022 users are advised to apply SU6 for full protection.
To download the Security Hot Patch files for Ivanti Endpoint Manager (EPM) Patch Tuesday – September 2024, follow these steps. After downloading, the resulting .zip file should contain the following items:
Algorithm | Hash | File |
SHA256 | 04D9372B3DD02A7A7852C5156CC3AD8F308A93EB9530AE66EEABB61E11149A80 | LANDesk.AlertManager.Business.dll |
SHA256 | 82751B17DDEF3EEA1D41191750235E085616AA0D03092D24F9632E8995A01162 | LANDesk.AlertManager.Data.dll |
SHA256 | BDFF331D252F87651E837550253C050E70093C31D6AB57945D50E3E2DA5AAB5C | LANDesk.ManagementSuite.Data.dll |
SHA256 | 0F05DD4AD02A65AD2E2E856BD829CBB198645A94D6049F58F13354D00656A710 | LANDesk.Provisioning.Business.dll |
SHA256 | B6703986A362745D7F87A303C2F9820D04A6DC62ABC4A421CB47AE1F936FCCE1 | LANDesk.ServerInfo.Data.dll |
SHA256 | 574CCB3882F0BC674513F2985C433E21C80E2C0BECEF39753F378AA0A6B48C62 | LANDesk.ServerInfo.UI.dll |
SHA256 | 5392346DC92BEB5432A2A146A0BAA82A10BE019D70C394AA40507153DBE34EB3 | PatchBiz.dll |
SHA256 | 13B2087DEA3F98B5F1638002F753B1406BEDD7A6DB0E57632C4AB663CA973DD6 | WSVulnerabilityCore.dll |
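An added example, not Ivanti's tooling or code from the original article: a PowerShell check that compares an extracted hot patch folder with a SHA256 manifest in the table's "Algorithm | Hash | File |" layout and reports missing, altered, and unlisted files. The function name `Test-PatchManifest` and the demo file contents are assumptions; the demo hashes are computed from constructed stand-in files, not taken from the published list.

```powershell
# Verify extracted hot patch files against a SHA256 manifest laid out like the
# table above ("Algorithm | Hash | File |"). Names here are assumptions.
function Test-PatchManifest {
    param([Parameter(Mandatory)][string[]]$ManifestLines,
          [Parameter(Mandatory)][string]$Directory)
    $expected = @{}   # file name -> expected hash (keys are case-insensitive)
    foreach ($line in $ManifestLines) {
        $cells = @($line.Split('|') | ForEach-Object { $_.Trim() } | Where-Object { $_ })
        # Skip the header row, malformed hashes, and names containing a path separator.
        if ($cells.Count -ne 3 -or $cells[0] -ne 'SHA256' -or
            $cells[1] -notmatch '^[0-9A-Fa-f]{64}$' -or
            $cells[2] -match '[\\/]') { continue }
        $expected[$cells[2]] = $cells[1]
    }
    $results = @(foreach ($name in $expected.Keys) {
        $path = Join-Path $Directory $name
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            [pscustomobject]@{ File = $name; Status = 'Missing' }
            continue
        }
        $actual = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $status = if ($actual -eq $expected[$name]) { 'OK' } else { 'Mismatch' }
        [pscustomobject]@{ File = $name; Status = $status }
    })
    # Files in the directory that the manifest does not list are reported too.
    $extra = @(Get-ChildItem -LiteralPath $Directory -File |
        Where-Object { -not $expected.ContainsKey($_.Name) } |
        ForEach-Object { [pscustomobject]@{ File = $_.Name; Status = 'NotInManifest' } })
    $results + $extra
}

# Constructed demo: stand-in files, not the real DLLs or their published hashes.
$dir = Join-Path ([IO.Path]::GetTempPath()) ([guid]::NewGuid().ToString())
New-Item -ItemType Directory -Path $dir | Out-Null
'v1' | Set-Content (Join-Path $dir 'PatchBiz.dll')
'v1' | Set-Content (Join-Path $dir 'WSVulnerabilityCore.dll')
$manifest = @('Algorithm | Hash | File |') + @(Get-ChildItem $dir -File | ForEach-Object {
    'SHA256 | {0} | {1} |' -f (Get-FileHash $_.FullName -Algorithm SHA256).Hash, $_.Name })
$manifest += 'SHA256 | {0} | LANDesk.ServerInfo.UI.dll |' -f ('0' * 64)  # listed, never extracted
'v2' | Set-Content (Join-Path $dir 'WSVulnerabilityCore.dll')           # changed after listing
'v1' | Set-Content (Join-Path $dir 'Unlisted.dll')                      # not in the manifest
Test-PatchManifest -ManifestLines $manifest -Directory $dir | Format-Table -AutoSize
Remove-Item -Recurse -Force $dir
```

For a real check, save the table rows to a text file and pass `Get-Content` of that file as `-ManifestLines`, with `-Directory` pointing at the extracted .zip contents; deploy only if every row reports `OK`.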
Ivanti has confirmed that, as of the date of disclosure, no active exploitation of these vulnerabilities has been detected. The vulnerabilities were reported via responsible disclosure and no known indicators of compromise have been provided.