Ivanti EPM SQLi RCE (CVE-2024-29824)
Description
Ivanti Endpoint Manager (EPM) contains an SQL injection vulnerability (CVE-2024-29824) that allows unauthenticated attackers on the adjacent network to execute arbitrary SQL commands. This vulnerability can be exploited to achieve remote code execution on the affected system, leading to complete system compromise.
Remediation
Apply security patches immediately by upgrading Ivanti EPM to the latest patched version as specified in the Ivanti Security Advisory (May 2024). Follow these steps:
1. Review the Ivanti Security Advisory to identify the appropriate patch version for your EPM deployment
2. Schedule a maintenance window and create a full system backup before applying updates
3. Download and install the latest security patches from the official Ivanti support portal
4. Verify the patch installation was successful and test critical EPM functionality
5. Monitor system logs for any signs of prior exploitation
As an interim mitigation if immediate patching is not possible, restrict network access to the EPM server to trusted IP addresses only and monitor for suspicious SQL queries in application logs.