Security News > 2024 > September > Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847)
2024-09-11 11:50
Ivanti has fixed a slew of vulnerabilities affecting its Endpoint Manager solution, including a maximum severity one (CVE-2024-29847) that may allow unauthenticated attackers to remotely execute code in the context of the vulnerable system, and use it as a beachhead for burrowing into corporate networks and devices. The fixes CVE-2024-29847 affects the agent portal of Ivanti Endpoint Manager versions 2024 (with the September update) and 2022 SU5 and earlier, and stems from the application’s improper … More → The post Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/09/11/cve-2024-29847/
Related news
- Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910) (source)
- HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
- Critical vulnerabilities persist in high-risk sectors (source)
- Automating endpoint management (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- Three more vulns spotted in Ivanti CSA, all critical, one 10/10 (source)
- BeyondTrust fixes critical vulnerability in remote access, support solutions (CVE-2024-12356) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-12 | CVE-2024-29847 | Deserialization of Untrusted Data vulnerability in Ivanti Endpoint Manager Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. | 9.8 |