Update now! Critical CVSS 10 vulnerability in Ivanti EPM - ThreatDown by Malwarebytes
Mark Stockley · 2024-09-11 · via Vulnerabilities – ThreatDown by Malwarebytes

Ivanti has released a fix for CVE-2024-29847, a deserialization of untrusted data flaw that allows remote code execution in its Endpoint Management solution.

Ivanti has released a fix for a slew of serious vulnerabilities in its Endpoint Management (EPM) software, including CVE-2024-29847, a deserialization of untrusted data (CWE-502) flaw that allows remote code execution. The vulnerability carries the maximum CVSS score of 10, which means that it’s both extremely dangerous and easy to exploit. Ivanti says that “successful exploitation could lead to unauthorized access to the EPM core server.”

Ivanti EPM is a Unified Endpoint Management (UEM) solution that allows users to manage software on their endpoints. Given the privileged access the software enjoys, a compromise could be catastrophic.

The sky-high CVSS score is a green light for cybercriminals, who are no doubt already hard at work reverse engineering the patch and working out how to exploit it.

Speed is of the essence and we urge you to patch quickly.

Ivanti says the vulnerability affects the 2024 and 2022 SU5 versions of EPM. A security “Hot Patch” is available for the later version, while 2022 SU5 customers should update to SU6.

Alongside the deserialization bug, the updates also fix no fewer than nine separate SQL injection flaws, all rated critical, all carrying a CVSS score of 9.1, and all of which could allow “a remote authenticated attacker with admin privileges to achieve remote code execution.”

The last 12 months have been a year to forget for Ivanti, as it’s dealt with a steady stream of serious vulnerabilities, starting with a pair of actively exploited zero-days in its Endpoint Manager Mobile in July and August last year. Then in January, a pair of serious vulnerabilities in its VPN software were actively exploited in such massive numbers that CISA ordered federal agencies to disconnect all instances of Ivanti Connect Secure and Policy Secure. This was quickly followed by the discovery of another critical vulnerability in the software in early February, and yet more vulnerabilities with eye-watering CVSS scores in its Standalone Sentry and Ivanti Neurons for ITSM products in March.

As serious as these bugs are, their discovery may be as much a sign of progress as of weakness. In a blog post accompanying the latest advisory, the company sought to explain, not unreasonably, that the most recent vulnerabilities were discovered as a result of it stepping up its bug hunting efforts:

In recent months, we have intensified our internal scanning, manual exploitation and testing capabilities, and have additionally made improvements to our responsible disclosure process so that we can promptly discover and address potential issues. This has caused a spike in discovery and disclosure, and we agree with CISA’s statement that the responsible discovery and disclosure of CVEs is “a sign of healthy code analysis and testing community.”

When judging the health of a codebase, the rate of discovery can be more instructive than the total number of finds, so we suggest Ivanti users keep a close eye on the company’s updates as its new process does its work.
