CVE-2024-29847

Published Sep 12, 2024

Last updated a year ago

CVSS critical 9.8
Ivanti EPM

Overview

AI description

Automated description summarized from trusted sources.

CVE-2024-29847 is a deserialization of untrusted data vulnerability that exists in the agent portal of Ivanti Endpoint Manager (EPM) versions before 2022 SU6, and the September 2024 update. This vulnerability allows a remote, unauthenticated attacker to achieve remote code execution on the affected system. The vulnerability lies within the AgentPortal.exe executable, which constructs a URL with a dynamically assigned port without proper security enforcement and saves it to the registry. An attacker can exploit this by crafting a hashtable containing serialized objects and sending it to the vulnerable endpoint. Upon deserialization, this allows the attacker to perform arbitrary operations, including reading or writing files on the server, potentially leading to the execution of malicious code.

Description
Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
Source
support@hackerone.com
NVD status
Modified
Products
endpoint_manager

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

CVSS 3.0

Type
Secondary
Base score
10
Impact score
6
Exploitability score
3.9
Vector string
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

nvd@nist.gov
CWE-502
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-502

Social media

Hype score
Not currently trending

  1. 🪡 The Real Slim Shady: Ivanti Endpoint Manager (EPM) Pre-Auth RCE(CVE-2024-29847) Blog: https://t.co/R0NCi8LpqN author: @SinSinology #infosec https://t.co/hm9Rq1o0fq

    @mqst_

    17 Aug 2025

    7775 Impressions

    20 Retweets

    107 Likes

    36 Bookmarks

    0 Replies

    0 Quotes

  2. "Ivanti EPM RCE via .NET Remoting Deserialization (CVE-2024-29847)" by Sharon #DEVCommunity #RCE #vulnerability #cybersecurity https://t.co/sUSUpgaVif

    @Sharon18866

    1 Jul 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Top 5 Trending CVEs: 1 - CVE-2025-3935 2 - CVE-2024-29269 3 - CVE-2024-29847 4 - CVE-2025-30397 5 - CVE-2025-37752 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    1 Jun 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 💤 The real slim shady: Ivanti Endpoint Manager (EPM) Pre-Auth RCE CVE-2024-29847 Blog: https://t.co/R0NCi8LpqN author: @SinSinology #infosec https://t.co/NjtwcgiS92

    @mqst_

    31 May 2025

    1157 Impressions

    2 Retweets

    13 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  5. Exploit code released for critical Ivanti RCE flaw, patch now A proof-of-concept (PoC) exploit for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, is now publicly released, making it crucial to update de... https://t.co/AmOUWmAfe9

    @SecurityAid

    5 Jan 2025

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.