CVERadar

CVE-2024-29847

Critical Severity
Vendor: Ivanti
SVRS: 87/100
CVSSv3: 9.8/10
EPSS: 0.6816/1

CVE-2024-29847 is a critical remote code execution vulnerability affecting Ivanti EPM. This vulnerability allows an unauthenticated attacker to execute arbitrary code by exploiting deserialization of untrusted data.

The vulnerability is present in the agent portal of Ivanti EPM versions before 2022 SU6 or the 2024 September update. Its SOCRadar Vulnerability Risk Score (SVRS) of 87 is extremely high and calls for immediate action, and the CVSS score of 9.8 confirms the severity. The "In The Wild" and "Exploit Available" tags, together with the published exploits, raise the risk further. Exploitation could lead to complete system compromise, data breaches, and significant operational disruption, so patching or mitigation is extremely urgent.

Tags: In The Wild, Exploit Available
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2024-09-12

2024-09-12
SOCRadar AI Insight

Description

CVE-2024-29847 is a critical vulnerability in Ivanti EPM that allows remote unauthenticated attackers to execute code through deserialization of untrusted data in the agent portal. The CVSS score of 9.8 and SVRS of 97 indicate the severity and urgency of this threat.

Key Insights

  • Active Exploitation: Active exploits have been published, indicating that hackers are actively exploiting this vulnerability.
  • Remote Code Execution: The vulnerability allows attackers to execute arbitrary code on affected systems, potentially leading to data theft, system compromise, or ransomware attacks.
  • Unauthenticated Access: The vulnerability can be exploited without requiring any authentication, making it easier for attackers to target vulnerable systems.
  • Wide Impact: Ivanti EPM is widely used in enterprise environments, increasing the potential impact of this vulnerability.

Mitigation Strategies

  • Apply Updates: Install the latest security updates from Ivanti as soon as possible.
  • Disable Agent Portal: If possible, disable the agent portal until the vulnerability is patched.
  • Network Segmentation: Implement network segmentation to limit the spread of potential attacks.
  • Monitor for Suspicious Activity: Monitor systems for any suspicious activity or unauthorized access attempts.

Additional Information

  • The Cybersecurity and Infrastructure Security Agency (CISA) has warned of this vulnerability, calling for immediate and necessary measures.

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
sinsinology/CVE-2024-29847 | https://github.com/sinsinology/CVE-2024-29847 | 2024-09-14

News

ISC StormCast for Monday, September 16th, 2024
Dr. Johannes B. Ullrich, 2024-09-16
Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DBScan Examples; Credential Flusher; Ivanti Vulnerabilities; File Sender; Docker Patch
  • Finding Honeypot Clusters Using DBSCAN: https://isc.sans.edu/diary/Finding%20Honeypot%20Data%20Clusters%20Using%20DBSCAN%3A%20Part%202/31194
  • Auto IT Credential Flusher: https://research.openanalysis.net/credflusher/kiosk/stealer/stealc/amadey/autoit/2024/09/11/cred-flusher.html
  • Ivanti Patches: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190?language=en_US and https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29847-deep-dive-ivanti-endpoint-manager-agentportal-deserialization-of-untrusted-data-remote-code-execution-vulnerability/
  • File Sender Vulnerability
Source: sans.edu

1.827
2025-03-13
Newly Added (3):
  • Multiple Vulnerabilities fixed in Ivanti Endpoint Manager 2022 SU6
  • Security Vulnerabilities fixed in Adobe Acrobat APSB25-14
  • Security Vulnerabilities fixed in Adobe Acrobat Reader APSB25-14
Modified (43)
Source: fortiguard.com

16th September – Threat Intelligence Report
hagarb, 2024-11-01
For the latest discoveries in cyber research for the week of 16th September, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: The Port of Seattle has confirmed that the Rhysida ransomware group was responsible for a cyberattack in August 2024, which affected its critical systems, including Seattle-Tacoma International Airport. The ransomware attack caused […]
Source: checkpoint.com

Daily Summary - 13.09.2024
CERT.at, 2024-11-01
End-of-Day report. Timeframe: Thursday 12-09-2024 18:00 - Friday 13-09-2024 18:00. Handler: Alexander Riepl. Co-Handler: Michael Schlagenhaufer.
News: Distributed Denial of Truth (DDoT): The Mechanics of Influence Operations and The Weaponization of Social Media. With the US election on the horizon, it's a good time to explore the concept of social media weaponization and its use in asymmetrically manipulating public opinion through bots, automation, AI, and shady new tools in what Trustwave
Source: cert.at

Daily Summary - 17.09.2024
CERT.at, 2024-11-01
End-of-Day report. Timeframe: Monday 16-09-2024 18:00 - Tuesday 17-09-2024 18:00. Handler: Alexander Riepl. Co-Handler: Michael Schlagenhaufer.
News: Exploit code released for critical Ivanti RCE flaw, patch now. A proof-of-concept (PoC) exploit for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, is now publicly released, making it crucial to update devices. https://
Source: cert.at

Newly patched Ivanti CSA flaw under active exploitation - CSO Online
2024-09-13
The Cloud Service Appliance command injection vulnerability — patched as part of the final update for end-of-life CSA version 4.6 — has been attacked in the wild, Ivanti confirms. IT management solutions provider Ivanti confirmed that a high-severity flaw patched this week in an older version of its Cloud Service Appliance (CSA) has been exploited in attacks. The vulnerability was fixed as part of the company’s September security update, which also included patches for critical and high-severity flaws in other products. “Following public
Source: google.com

Ivanti CSA Vulnerability Exploited in Attacks Days After Disclosure - SecurityWeek
2024-09-16
In-the-wild exploitation of the Ivanti Cloud Service Appliance (CSA) vulnerability tracked as CVE-2024-8190 started just days after the vendor announced the availability of patches. Ivanti disclosed the flaw on September 10, when it informed customers that this high-severity issue can allow unauthorized access to devices. “An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability,” Ivanti
Source: google.com

Social Media

Exploit code released for critical Ivanti RCE flaw, patch now A proof-of-concept (PoC) exploit for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, is now publicly released, making it crucial to update de... https://t.co/AmOUWmAfe9
Actively exploited CVE : CVE-2024-29847
CVE-2024-29847 Deep Dive: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability – https://t.co/xjjW0njRQe https://t.co/v5Jo8eIWB0
On September 10, 2024, Ivanti released fixes for CVE-2024-29847, a maximum severity vulnerability in Ivanti Endpoint Manager (EPM). Find Arctic Wolf's recommendations. #EndCyberRisk https://t.co/c1NSdILYA3
CVE-2024-29847 alert 🚨 IVANTI ENDPOINT MANAGER : Deserialization of untrusted data allows pre-Auth Remote Code Execution (CVSS: 10/10) The vulnerability is actively exploited in the wild and has been integrated into Patrowl. Our customers assets are protected. 🦉 #IVANTI #CVE https://t.co/OpNENeknJH
Ivanti Endpoint Manager, a widely used IT management software, has discovered a critical security vulnerability. CVE-2024-29847 vulnerability allows for remote code execution by deserializing untrusted data. This flaw poses a… https://t.co/aDMqtvLTF0 #CyberSecurity #InfoSec
Latest news on #Hacking: In the last 24 hours, highlights include the CVE-2024-29847 vulnerability in Ivanti Endpoint Manager and a ransomware attack on the Port of Seattle. In addition, Mastercard acquires Recorded Future to strengthen intelligenc... 👉 https://t.co/riPgiJkFG3 https://t.co/fqB6EbWZq7
https://t.co/sHTnDhgF2l - Ivanti discloses actively exploited CVE-2024-8190 vulnerability in Cloud Service Appliance, urges upgrade to 5.0. CISA mandates fix by Oct 4. https://t.co/H5ulUpDxME details critical CVE-2024-29847 in Endpoint Manager. #Xynik #Cybersecurity #Vulnerabil…
CVE-2024-29847: Critical Vulnerabilities in Ivanti Endpoint Manager. #CyberSecurity #PatchTuesday #ZeroDay #Ivanti #ThreatIntelligence #Windows #WindowsUpdate #MicrosoftEDU Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847) - Help Net Security
[CVE-2024-29847: CRITICAL] Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. #cybersecurity, #vulnerability https://t.co/FH4mf7mQZX https://t.co/VIXvh1ssrR

Affected Software

Configuration 1
Type | Vendor | Product
App | Ivanti | endpoint_manager

References

Reference | Link
[email protected] | https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022
GITHUB | https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022

CWE Details

CWE ID | CWE Name | Description
CWE-502 | Deserialization of Untrusted Data | The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
