Ivanti Endpoint Manager SQLi Vulnerability Allows Remote Code Execution
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
Ivanti Endpoint Manager SQLi Vulnerability Allows Remote Code Execution
Author: Guru BaranA critical security flaw, CVE-2024-37381, has been discovered in the Ivanti Endpoint Manager (EPM) 2024 flat. The vulnerability is an unspecified SQL injection flaw in the core server component of EPM, potentially allowing attackers to execute arbitrary code on affected systems.
The vulnerability has been assigned a CVSS score of 8.4, indicating its high severity. An authenticated attacker within the same network can exploit this vulnerability to execute arbitrary code on the affected system.
Ivanti has released a Security Hot Patch to address this issue. The patch is specifically designed for the EPM 2024 flat and includes updated DLL files that must be installed on the Core Server.
To apply the patch, administrators must download the Security Hot Patch files, which include PatchApi.dll and MBSDKService.dll. These files should be used to replace the original DLLs in specific locations on the EPM Core Server. After installation, a system reboot or IIS reset is required for the changes to take effect.
It’s important to note that Ivanti stated they were not aware of any customers being exploited by this vulnerability at the time of disclosure. However, given the potential impact of the flaw, it is strongly recommended that affected organizations apply the patch as soon as possible.
For organizations concerned about potential compromise, Ivanti has noted that there are currently no known public exploitations of this vulnerability that could provide a list of indicators of compromise.
This security issue is not considered a “supply chain attack,” as Ivanti has found no indication that the vulnerability was maliciously introduced into their code development process.
Administrators are advised to verify the patch’s successful application by confirming the hashes of the updated DLL files against those provided in Ivanti’s security advisory.
As always, organizations using Ivanti Endpoint Manager should stay informed about security updates and apply them promptly to maintain the security of their systems.
To verify if your Ivanti Endpoint Manager (EPM) is up-to-date, you can follow these steps:
To check the current version, Open the Core Server Activation utility and click on Licenses. This will display all the versions assigned to your credentials.
You can refer to Cyber Press about a patch to Patch (CVE-2024-37381) Ivanti Endpoint Manager SQLi vulnerability.
#Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте: