Ivanti Endpoint Manager SQLi Vulnerability Allows Remote Code Execution

17-July-24

A critical security flaw, CVE-2024-37381, has been discovered in the Ivanti Endpoint Manager (EPM) 2024 flat. The vulnerability is an unspecified SQL injection flaw in the core server component of EPM, potentially allowing attackers to execute arbitrary code on affected systems.



The vulnerability has been assigned a CVSS score of 8.4, indicating its high severity. An authenticated attacker within the same network can exploit this vulnerability to execute arbitrary code on the affected system.

Ivanti has released a Security Hot Patch to address this issue. The patch is specifically designed for the EPM 2024 flat and includes updated DLL files that must be installed on the Core Server. To apply the patch, administrators must download the Security Hot Patch files, which include PatchApi.dll and MBSDKService.dll. These files should be used to replace the original DLLs in specific locations on the EPM Core Server. After installation, a system reboot or IIS reset is required for the changes to take effect.
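The replacement steps described above, as an added PowerShell example (not Ivanti's own script): it backs up each original DLL, copies in the hot patch version, confirms by SHA-256 that the installed file now matches the patch file, and then resets IIS. The folder paths are placeholders, because the target locations are not listed here; take them from Ivanti's advisory.

```powershell
# Added example: back up, replace and verify the two hot patch DLLs on an EPM Core Server.
# Every path below is a PLACEHOLDER (assumption); use the locations from Ivanti's advisory.
$ErrorActionPreference = 'Stop'

$PatchDir  = 'C:\Temp\EPM2024-HotPatch'          # placeholder: extracted hot patch files
$BackupDir = 'C:\Temp\EPM2024-HotPatch-Backup'   # placeholder: where originals are kept
$Targets = [ordered]@{
    'PatchApi.dll'     = '<FOLDER_FOR_PatchApi_FROM_ADVISORY>'
    'MBSDKService.dll' = '<FOLDER_FOR_MBSDKService_FROM_ADVISORY>'
}

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

foreach ($name in $Targets.Keys) {
    $source = Join-Path $PatchDir $name
    $dest   = Join-Path $Targets[$name] $name

    # Refuse to continue if either side is missing (also catches unfilled placeholders).
    if (-not (Test-Path -LiteralPath $source)) { throw "Patch file missing: $source" }
    if (-not (Test-Path -LiteralPath $dest))   { throw "Installed DLL not found: $dest" }

    # Keep the original so the change can be rolled back.
    Copy-Item -LiteralPath $dest -Destination (Join-Path $BackupDir "$name.orig") -Force

    # Replace the DLL; a locked file raises an error here and stops the script.
    Copy-Item -LiteralPath $source -Destination $dest -Force

    # Verify the installed copy is byte-identical to the patch file.
    $want = (Get-FileHash -LiteralPath $source -Algorithm SHA256).Hash
    $have = (Get-FileHash -LiteralPath $dest   -Algorithm SHA256).Hash
    if ($want -ne $have) { throw "Hash mismatch after copy: $dest" }

    $version = (Get-Item -LiteralPath $dest).VersionInfo.FileVersion
    Write-Output "$name replaced (version $version, SHA256 $have)"
}

# The page requires a reboot or an IIS reset before the change takes effect.
iisreset
if ($LASTEXITCODE -ne 0) { throw "iisreset failed with exit code $LASTEXITCODE" }
```

Run it from an elevated PowerShell session on the Core Server; the recorded hashes can be kept as evidence that each server carries the patched DLLs.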



It’s important to note that Ivanti stated they were not aware of any customers being exploited by this vulnerability at the time of disclosure. However, given the potential impact of the flaw, it is strongly recommended that affected organizations apply the patch as soon as possible.



For organizations concerned about potential compromise, Ivanti has noted that there is currently no known public exploitation of this vulnerability that could be used to provide a list of indicators of compromise.
