PoC Exploit Released for Ivanti Endpoint Manager Remote Code Execution Vulnerability


A critical security vulnerability has been discovered in Ivanti Endpoint Manager, a widely used IT management software.

The vulnerability, CVE-2024-29847, allows remote code execution through deserialization of untrusted data. This flaw poses a significant risk to organizations relying on Ivanti’s endpoint management and security solutions.

Details of the Vulnerability

CVE-2024-29847 affects the AgentPortal component of Ivanti Endpoint Manager. The vulnerability stems from improper handling of serialized data, allowing attackers to execute arbitrary code remotely.

This can lead to unauthorized access, data breaches, and further exploitation within affected networks. A proof-of-concept (PoC) exploit has been released, demonstrating the ease with which this vulnerability can be exploited.

The PoC highlights the flaw’s critical nature and underscores the urgency of organizations addressing this issue promptly.

Exploit Demonstration

The PoC exploit for CVE-2024-29847 is executed using a specific command:

CVE-2024-29847.exe --uselease --installdir "C:Program FilesLANDeskManagementSuiteLANDeskManagementSuiteCoreCore.Webservices" tcp://192.168.0.200:49669/LDSM exec test

This command targets the vulnerable component and executes a test command, showcasing how an attacker can leverage this vulnerability to gain control over the affected system.

Ivanti has responded swiftly to this security threat by releasing updates and providing guidance on mitigating the risk associated with CVE-2024-29847.

Organizations are strongly advised to update their Ivanti Endpoint Manager installations to the latest version immediately. For those unable to update immediately, Ivanti recommends implementing specific configuration changes to minimize exposure until a full update can be applied.

Root Cause Analysis

This analysis provides in-depth insights into how the vulnerability was discovered and exploited, offering valuable information for security professionals seeking to understand and mitigate similar threats in their environments.

The discovery of CVE-2024-29847 highlights the ongoing challenges in securing complex IT management systems.

Organizations using Ivanti Endpoint Manager must act quickly to protect their networks from potential exploitation. Staying informed about vulnerabilities and applying timely updates are crucial to maintaining robust cybersecurity defenses.
