Ivanti Endpoint Manager SQLi Vulnerability Allows Remote Code Execution


A critical security flaw, CVE-2024-37381, has been discovered in the Ivanti Endpoint Manager (EPM) 2024 flat. The vulnerability is an unspecified SQL injection flaw in the core server component of EPM, potentially allowing attackers to execute arbitrary code on affected systems.

The vulnerability has been assigned a CVSS score of 8.4, indicating its high severity. An authenticated attacker within the same network can exploit this vulnerability to execute arbitrary code on the affected system.


Ivanti has released a Security Hot Patch to address this issue. The patch is specifically designed for the EPM 2024 flat and includes updated DLL files that must be installed on the Core Server.


To apply the patch, administrators must download the Security Hot Patch files, which include PatchApi.dll and MBSDKService.dll. These files should be used to replace the original DLLs in specific locations on the EPM Core Server. After installation, a system reboot or IIS reset is required for the changes to take effect.

It’s important to note that Ivanti stated they were not aware of any customers being exploited by this vulnerability at the time of disclosure. However, given the potential impact of the flaw, it is strongly recommended that affected organizations apply the patch as soon as possible.

For organizations concerned about potential compromise, Ivanti has noted that there are currently no known public exploitations of this vulnerability that could provide a list of indicators of compromise.

This security issue is not considered a “supply chain attack,” as Ivanti has found no indication that the vulnerability was maliciously introduced into their code development process.

Administrators are advised to verify the patch’s successful application by confirming the hashes of the updated DLL files against those provided in Ivanti’s security advisory.
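One way to script the hash check described above, as an added PowerShell example that is not part of the article or of Ivanti's advisory. The install directory and the expected SHA-256 values are placeholders to be filled in from the advisory for CVE-2024-37381; the script reports OK, MISMATCH or MISSING for each of the two DLLs.

```powershell
# Added example (not from the article or Ivanti): verify the hot-patch DLLs by hash.
# Both the directory and the hash values below are PLACEHOLDERS; take the real
# SHA-256 values and the install locations from Ivanti's CVE-2024-37381 advisory.
$CoreServerPath = 'C:\PLACEHOLDER\EPM\CoreServer'   # placeholder: folder holding the patched DLLs
$ExpectedHashes = @{
    'PatchApi.dll'     = 'PLACEHOLDER_SHA256_FROM_ADVISORY'
    'MBSDKService.dll' = 'PLACEHOLDER_SHA256_FROM_ADVISORY'
}

function Test-EpmHotPatch {
    param(
        [string]$Path = $CoreServerPath,
        [hashtable]$Expected = $ExpectedHashes
    )
    foreach ($name in $Expected.Keys) {
        $file = Join-Path $Path $name
        if (-not (Test-Path -LiteralPath $file)) {
            # The DLL was never copied into place, so the patch cannot be active.
            [pscustomobject]@{ File = $name; Status = 'MISSING'; Actual = $null; Version = $null }
            continue
        }
        $actual  = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
        $status  = if ($actual -ieq $Expected[$name]) { 'OK' } else { 'MISMATCH' }
        $version = (Get-Item -LiteralPath $file).VersionInfo.FileVersion
        [pscustomobject]@{ File = $name; Status = $status; Actual = $actual; Version = $version }
    }
}

$results = Test-EpmHotPatch
$results | Format-Table -AutoSize
if ($results.Status -contains 'MISMATCH' -or $results.Status -contains 'MISSING') {
    Write-Warning 'Hot patch verification failed. After replacing the DLLs, an IIS reset or reboot is still required.'
    exit 1
}
```

Run it on the Core Server after the DLLs have been replaced; a non-zero exit code means at least one file is absent or does not match the advisory's hash.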

As always, organizations using Ivanti Endpoint Manager should stay informed about security updates and apply them promptly to maintain the security of their systems.

To verify whether your Ivanti Endpoint Manager (EPM) installation is up to date, check the current version: open the Core Server Activation utility and click Licenses. This displays all the versions assigned to your credentials.
