CVERadar

CVE-2024-29824

Critical Severity
Ivanti
SVRS: 77/100
CVSSv3: 8.8/10
EPSS: 0.94366/1

CVE-2024-29824: Critical SQL Injection vulnerability in Ivanti EPM allows remote code execution. CVE-2024-29824 is an unauthenticated SQL Injection vulnerability affecting Ivanti EPM 2022 SU5 and prior. An attacker on the same network can exploit it to execute arbitrary code on the Core server. With an SVRS of 77, this vulnerability is nearing critical levels and requires immediate attention. The presence of active exploits and its listing in the CISA KEV catalog highlight the urgency. Successful exploitation poses a significant risk, potentially leading to complete system compromise and data breaches. Organizations using affected Ivanti EPM versions must prioritize patching to mitigate this severe security risk.

In The Wild | Exploit Available | CISA KEV
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2024-05-31

2024-10-03
SOCRadar
AI Insight

Description

CVE-2024-29824 is an SQL Injection vulnerability in Ivanti EPM 2022 SU5 and prior. It allows an unauthenticated attacker within the same network to execute arbitrary code. The CVSS score of 9.6 indicates a critical severity, while the SOCRadar Vulnerability Risk Score (SVRS) of 50 suggests a moderate risk.

Key Insights

  • Remote Exploitation: The vulnerability can be exploited remotely, allowing attackers to target systems without physical access.
  • Arbitrary Code Execution: Successful exploitation grants attackers the ability to execute arbitrary code on the affected system, potentially leading to data theft, system compromise, or malware installation.
  • Network Access Required: Attackers must be within the same network as the vulnerable system to exploit this vulnerability.
  • Active Exploitation: The vulnerability is actively exploited in the wild, indicating that attackers are actively targeting systems with this flaw.

Mitigation Strategies

  • Apply Software Updates: Install the latest security updates from Ivanti to patch the vulnerability.
  • Restrict Network Access: Limit network access to the affected systems to reduce the risk of exploitation.
  • Implement Intrusion Detection Systems (IDS): Deploy IDS to detect and block malicious activity targeting the vulnerability.
  • Use Web Application Firewalls (WAF): Configure WAFs to block SQL injection attacks.

Additional Information

  • Threat Actors/APT Groups: No specific threat actors or APT groups have been identified as actively exploiting this vulnerability.
  • Exploit Status: Active exploits have been published.
  • CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has warned of the vulnerability, calling for immediate and necessary measures.

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability | https://www.cisa.gov/search?g=CVE-2024-29824 | 2024-10-02
codeb0ss/CVE-2024-29824-PoC | https://github.com/codeb0ss/CVE-2024-29824-PoC | 2024-07-12

News

1.827
fortiguard.com, 2025-03-13
Newly Added (3): Multiple Vulnerabilities fixed in Ivanti Endpoint Manager 2022 SU6; Security Vulnerabilities fixed in Adobe Acrobat APSB25-14; Security Vulnerabilities fixed in Adobe Acrobat Reader APSB25-14. Modified (43)

1.806
fortiguard.com, 2025-01-22
Modified (12): VMware Remote Console CVE-2019-5543 Permission Bypass Vulnerability; Security Vulnerabilities fixed in VMware Horizon Client 5.5.0; VMware Horizon Client CVE-2020-3961 Permission Bypass Vulnerability; VMware vRealize Operations CVE

Metasploit 2024 Annual Wrap-Up
Spencer McIntyre, rapid7.com, 2025-01-03
Another year has come and gone, and the Metasploit team has taken some time to review the year’s notable additions. This year saw some great new features added, Metasploit 6.4 released and a slew of new modules. We’re grateful to the community members new and old that

The Best, the Worst and the Ugliest in Cybersecurity | 2024 Edition
SentinelOne, sentinelone.com, 2024-12-27
Before we ring in the New Year, SentinelOne reviews and reflects on some of the most formative cyber news stories that occurred in 2024. It’s almost time to wave goodbye to the year that was 2024, and as we look ahead to 2025 and the challenges that might bring, now is a good time to reflect on the best, the worst and the ugliest cybersecurity

Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast - Help Net Security
google.com, 2024-10-06
News Content: Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: October 2024 Patch Tuesday forecast: Recall can be recalled October arrived, and Microsoft started the month by announcing the release of Windows 11 24H2. The preview versions of this release have been in the news due to many innovations and one controversial feature. Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) Attackers are actively exploiting CVE-2024-45519, a critical Zimbra vulnerability that allows them

7th October– Threat Intelligence Report
hagarb, checkpoint.com, 2024-12-02
For the latest discoveries in cyber research for the week of 7th October, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Chinese state-sponsored hackers, dubbed “Salt Typhoon”, infiltrated US telecom companies such as Verizon, AT&T, and Lumen Technologies. The attackers gained access to systems used for court-authorized wiretaps, potentially remaining undetected for months […]

Data Breaches Digest - Week 40 2024
Dunkie ([email protected]), dbdigest.com, 2024-12-02
Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 30th September and 6th October 2024. 6th October

Social Media

  • CVE-2024-29824 alert 🚨 Ivanti Endpoint Manager: unauthenticated SQL Injection Actively Exploited (CVSS: 9.6/10) The vulnerability is actively exploited in the wild and has been integrated into Patrowl. Our customers' assets are protected. 🦉 #CyberSecurity #InfoSec #Patrowl https://t.co/8eOdrttiDC
  • #DOYOUKNOWCVE CISA added CVE-2024-29824 to the Known Exploited Vulnerabilities (KEV) catalog! CVE-2023-25280: Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability. It allows attackers to manipulate database queries, potentially leading to unauthorized access or data https://t.co/UFu6Ag8NtM
  • CVE-2024-29824: Critical Vulnerability in Ivanti Endpoint Manager Actively Exploited, PoC Published https://t.co/7BAdwBrKlx
  • CISA warns that the SQL injection flaw in the Ivanti EPM Core server, CVE-2024-29824 (fixed in May 2024), is being actively exploited. For those who have not yet done so, patching is strongly advised https://t.co/aGdKs5sPrt
  • CISA adds CVE-2024-29824 to its KEV Catalog https://t.co/3kVtoll2Kf
  • CVE-2024-29824: Critical Vulnerability in Ivanti Endpoint Manager Actively Exploited, PoC Published https://t.co/3uPX7Putdn
  • RT @inversecos: NEW LAB 🥳: WinDbg Crash Dump Analysis by @DebugPrivilege Using WinDbg to analyze dumps of CVE-2024-29824 and CVE-2023-293…
  • 🚨 CVE-2024-29824 Mass Exploit - CVE-2024-29824 - Ivanti EPM - Remote Code Execution (RCE) ⚡ https://t.co/Jc8pFmHfRo https://t.co/6WPUeTIpcl
  • #ThreatProtection #CVE-2024-29824 - #SQL Injection #Vulnerability in #Ivanti Endpoint Manager, read more about Symantec's protection: https://t.co/Aj3AJVW9t9
  • https://t.co/icksKdsswr - Researchers developed an exploit for an SQL injection bug, CVE-2024-29824, in Ivanti Endpoint Manager, posing major threat. Ivanti released a patch within six weeks. Organizations advised to implement the patch and restrict access for added security. #…

Affected Software

Configuration 1
Type | Vendor | Product
App | Ivanti | endpoint_manager

References

Reference | Link
[email protected] | https://forums.ivanti.com/s/article/Security-Advisory-May-2024

CWE Details

CWE ID | CWE Name | Description
CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
