Security News > 2024 > September > Exploit code released for critical Ivanti RCE flaw, patch now
2024-09-16 19:08
A proof-of-concept (PoC) exploit for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, is now publicly released, making it crucial to update devices. [...]
News URL
Related news
- Ivanti warns of critical vTM auth bypass with public exploit (source)
- Week in review: SonicWall critical firewalls flaw fixed, APT exploits WPS Office for Windows RCE (source)
- SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks (source)
- Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856) (source)
- Critical Progress WhatsUp RCE flaw now under active exploitation (source)
- Critical Security Flaw in WhatsUp Gold Under Active Attack - Patch Now (source)
- Cisco warns of critical RCE zero-days in end of life IP phones (source)
- Critical Flaw in Ivanti Virtual Traffic Manager Could Allow Rogue Admin Access (source)
- SolarWinds fixes critical RCE bug affecting all Web Help Desk versions (source)
- Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-12 | CVE-2024-29847 | Deserialization of Untrusted Data vulnerability in Ivanti Endpoint Manager Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. | 9.8 |