About the Vulnerability
Introduction
Ivanti Endpoint Manager (EPM) is an endpoint management solution developed by Ivanti Corporation, and the Agent Portal allows end-users to interact with the device management agent.
Summary
On September 21, 2024, Sangfor FarSight Labs received notification that an Ivanti Endpoint Manager component contains a deserialization vulnerability (CVE-2024-29847), classified as critical in threat level.
The Agent Portal service in the affected versions of Ivanti Endpoint Manager contains a deserialization vulnerability, which can be exploited by unauthorized attackers to remotely execute arbitrary code on the EPM server, thereby facilitating lateral movement within the internal network or ransomware attacks.
Affected Versions
Ivanti Endpoint Manager 2022 ≤ SU5
Ivanti Endpoint Manager 2024 < 2024 September Update
Solutions
Official Solution
Affected users are strongly advised to update Ivanti Endpoint Manager to the latest version.
Download link:
Sangfor Solutions
Vulnerability Proactive Detection
Proactive detection of the Ivanti Endpoint Manager deserialization vulnerability (CVE-2024-29847) is supported, so that assets in business scenarios can be checked in batches to quickly identify whether they are at risk. Related products are as follows:
[Sangfor Host Security] is expected to release a detection scheme on September 25, 2024, with Rule ID: SF-2024-00802.
[Sangfor Cyber Guardian MDR] is expected to release a detection scheme on September 26, 2024 with Rule ID: SF-2024-00802.
[Sangfor Omni-Command] is expected to release a detection scheme (requiring Host Security component capabilities) on September 25, 2024, with Rule ID: SF-2024-00802.
Vulnerability Security Detection
Monitoring for the Ivanti Endpoint Manager deserialization vulnerability (CVE-2024-29847) is supported. Based on traffic collection, it tracks the condition of affected assets in business scenarios in real time and quickly establishes the scope of impact. Related products and services are as follows:
[Sangfor Cyber Command] is expected to release a monitoring scheme on September 27, 2024, with Rule ID: 11027645.
[Sangfor Cyber Guardian MDR] is expected to release a monitoring scheme (requiring Cyber Command component capabilities) on September 27, 2024, with Rule ID: 11027645.
[Sangfor Omni-Command] is expected to release a monitoring scheme on September 27, 2024, with Rule ID: 11027645.
Safety Protection
Defense against the Ivanti Endpoint Manager deserialization vulnerability (CVE-2024-29847) is supported, blocking attackers' intrusion attempts that target this vulnerability. Related products and services are as follows:
[Sangfor Network Secure] is expected to release a protection scheme on September 27, 2024, with Rule ID: 11027645.
[Sangfor WAF] is expected to release a protection scheme on September 27, 2024, with Rule ID: 11027645.
[Sangfor Cyber Guardian MDR] is expected to release a protection scheme (requiring AF component capabilities) on September 27, 2024, with Rule ID: 11027645.
[Sangfor Omni-Command] is expected to release a protection scheme (requiring AF component capabilities) on September 27, 2024, with Rule ID: 11027645.
Timeline
On September 21, 2024, Sangfor FarSight Labs received notification of the Ivanti Endpoint Manager deserialization vulnerability.
On September 21, 2024, Sangfor FarSight Labs released a vulnerability alert.
References
https://nvd.nist.gov/vuln/detail/CVE-2024-29847
https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022