CVE-2024-29847
Ivanti EPM Deserialization RCE
Description
Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
INFO
Published Date :
Sept. 12, 2024, 2:15 a.m.
Last Modified :
Sept. 12, 2024, 10:35 p.m.
Source :
[email protected]
Remotely Exploitable :
Yes !
Impact Score :
5.9
Exploitability Score :
3.9
Public PoC/Exploit Available at Github
CVE-2024-29847 has a 2 public PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2024-29847.
| URL | Resource |
|---|---|
| https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022 | Vendor Advisory |
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Exploit for CVE-2024-29847
ASP.NET
Ivanti EPM AgentPortal RCE Vulnerability
C#
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2024-29847 vulnerability anywhere in the article.
-
Help Net Security
PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190)
CVE-2024-8190, an OS command injection vulnerability in Ivanti Cloud Services Appliance (CSA) v4.6, is under active exploitation. Details about the attacks are still unknown, but there may be more in ... Read more
-
TheCyberThrone
CISA KEV Update September 2024 -Part V
The US CISA adds two vulnerabilities to its Known Exploited Vulnerabilities Catalog based on the evidence of active exploitationThe first vulnerability tracked as CVE-2024-43461, Microsoft Windows MSH ... Read more
-
Cybersecurity News
166k+ Projects at Risk: AutoGPT’s Critical Vulnerability Explained – CVE-2024-6091 (CVSS 9.8)
A significant security vulnerability has been discovered in AutoGPT, a powerful AI tool designed to automate tasks through intelligent agents. With over 166k stars on GitHub, AutoGPT has gained popula ... Read more
-
BleepingComputer
Exploit code released for critical Ivanti RCE flaw, patch now
A proof-of-concept (PoC) exploit for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, is now publicly released, making it crucial to update devices. The ... Read more
-
Cybersecurity News
New Zero-Day Emerges After Microsoft Patch Tuesday: CVE-2024-43461 Targets Windows MSHTML
IE and a promote window dialog appear when the victim double-clicks on the .url file | Image: Check PointIn an unexpected turn of events, Microsoft has revised its September 2024 Patch Tuesday securit ... Read more
-
Help Net Security
Week in review: Veeam Backup & Replication RCE could soon be exploited, Microsoft fixes 4 0-days
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711) CVE-202 ... Read more
-
TheCyberThrone
CISA adds Ivanti Bug CVE-2024-8190 to its Catalog
The US CISA added Ivanti vulnerability tracked as CVE-2024-8190 to its Known Exploited Vulnerabilities Catalog based on the evidence of active exploitationThe vulnerability affects Ivanti Cloud Servic ... Read more
-
The Hacker News
Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability
Enterprise Security / Threat Intelligence Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild. The high-severity ... Read more
-
Cybersecurity News
CISA & Ivanti Warn of Active Exploitation Cloud Services Appliance Flaw CVE-2024-8190
A high-severity vulnerability (CVE-2024-8190) in Ivanti Cloud Services Appliance (CSA) is under active exploitation, prompting an urgent directive from the U.S. Cybersecurity and Infrastructure Securi ... Read more
-
TheCyberThrone
Solarwinds fixes CVE-2024-28990 & CVE-2024-28991 in ARM Product
SolarWinds has released patches for two vulnerabilities affecting their Access Rights Manager (ARM) software, that have the potential to compromise the security of networks utilizing ARM, with impacts ... Read more
-
TheCyberThrone
Apache OFBiz Vulnerability CVE-2024-45195 actively exploited
Apache OFBiz has got a security update for a flaw CVE-2024-45195 with a CVSS score of 7.5 that allows attackers to bypass authorization checks and execute arbitrary code on the server, even without v ... Read more
-
Cybersecurity News
PAN-OS Vulnerabilities: Command Injection (CVE-2024-8686) and GlobalProtect Exposure (CVE-2024-8687)
Palo Alto Networks, a leading cybersecurity solutions provider, has recently released a critical security advisory, urging its customers to take immediate action to address several vulnerabilities dis ... Read more
-
TheCyberThrone
Ivanti fixes critical vulnerability in EPM -CVE-2024-29847
Ivanti fixed a critical vulnerability in its Endpoint Management software (EPM) that can let attackers achieve remote code execution on the core serverThe vulnerability tracked as CVE-2024-29847 with ... Read more
The following table lists the changes that have been made to the
CVE-2024-29847 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Sep. 12, 2024
Action Type Old Value New Value Added CWE CISA-ADP CWE-502 -
Initial Analysis by [email protected]
Sep. 12, 2024
Action Type Old Value New Value Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Changed Reference Type https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022 No Types Assigned https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022 Vendor Advisory Added CWE NIST CWE-502 Added CPE Configuration OR *cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:* versions up to (excluding) 2022 *cpe:2.3:a:ivanti:endpoint_manager:2022:-:*:*:*:*:*:* *cpe:2.3:a:ivanti:endpoint_manager:2022:su1:*:*:*:*:*:* *cpe:2.3:a:ivanti:endpoint_manager:2022:su2:*:*:*:*:*:* *cpe:2.3:a:ivanti:endpoint_manager:2022:su3:*:*:*:*:*:* *cpe:2.3:a:ivanti:endpoint_manager:2022:su4:*:*:*:*:*:* *cpe:2.3:a:ivanti:endpoint_manager:2022:su5:*:*:*:*:*:* *cpe:2.3:a:ivanti:endpoint_manager:2024:-:*:*:*:*:*:* -
CVE Received by [email protected]
Sep. 12, 2024
Action Type Old Value New Value Added Description Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. Added Reference HackerOne https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022 [No types assigned] Added CVSS V3 HackerOne AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2024-29847 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2024-29847
weaknesses.