Security News > 2024 > September > Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847)
2024-09-11 11:50
Ivanti has fixed a slew of vulnerabilities affecting its Endpoint Manager solution, including a maximum severity one (CVE-2024-29847) that may allow unauthenticated attackers to remotely execute code in the context of the vulnerable system, and use it as a beachhead for burrowing into corporate networks and devices. The fixes CVE-2024-29847 affects the agent portal of Ivanti Endpoint Manager versions 2024 (with the September update) and 2022 SU5 and earlier, and stems from the application’s improper … More → The post Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/09/11/cve-2024-29847/
Related news
- Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824) (source)
- Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited (source)
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch (source)
- Ivanti fixes three CSA zero-days exploited in the wild (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381) (source)
- Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) (source)
- CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame (source)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-12 | CVE-2024-29847 | Deserialization of Untrusted Data vulnerability in Ivanti Endpoint Manager Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. | 9.8 |