CVE-2024-29847

Published Sep 12, 2024

Last updated 2 years ago

Ivanti EPM

Overview

AI description

Automated description summarized from trusted sources.

CVE-2024-29847 is a deserialization of untrusted data vulnerability that exists in the agent portal of Ivanti Endpoint Manager (EPM) versions before 2022 SU6, and the September 2024 update. This vulnerability allows a remote, unauthenticated attacker to achieve remote code execution on the affected system. The vulnerability lies within the AgentPortal.exe executable, which constructs a URL with a dynamically assigned port without proper security enforcement and saves it to the registry. An attacker can exploit this by crafting a hashtable containing serialized objects and sending it to the vulnerable endpoint. Upon deserialization, this allows the attacker to perform arbitrary operations, including reading or writing files on the server, potentially leading to the execution of malicious code.

Description: Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
Source: support@hackerone.com
NVD status: Modified
Products: endpoint_manager

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 3.0

Type: Secondary
Base score: 10
Impact score: 6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

nvd@nist.gov: CWE-502
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-502

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "B1F6549B-CF5D-4607-B67D-5489905A1705",
            "versionEndExcluding": "2022",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:-:*:*:*:*:*:*",
            "matchCriteriaId": "46580865-5177-4E55-BDAC-73DA4B472B35",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su1:*:*:*:*:*:*",
            "matchCriteriaId": "E57E12B5-B789-450C-9476-6C4C151E6993",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su2:*:*:*:*:*:*",
            "matchCriteriaId": "E47C65B3-56DD-4D65-8B4B-6AFFE28E94F2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su3:*:*:*:*:*:*",
            "matchCriteriaId": "10D6EAB7-B14B-45E9-92B9-4FADFBBB08AF",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su4:*:*:*:*:*:*",
            "matchCriteriaId": "1877FB55-76BA-4714-ABB8-47258132F537",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su5:*:*:*:*:*:*",
            "matchCriteriaId": "4F9E8D45-5F12-4D45-A74E-C314FA3618A3",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2024:-:*:*:*:*:*:*",
            "matchCriteriaId": "6C7283FE-C10A-4E37-B004-15FB0CAC49A5",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.