CVE-2024-29847

Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager versions prior to 2022 SU6 or the 2024 September update

Description The vulnerability is related to the deserialization of untrusted data in the agent portal of Ivanti Endpoint Manager, allowing a remote unauthenticated attacker to achieve remote code execution. This flaw poses a significant risk as it can be exploited to gain full control over affected systems, potentially leading to serious breaches. The vulnerability has been identified as a critical issue, with a high severity score. A proof-of-concept exploit for this vulnerability has been released, making it crucial to update devices to prevent exploitation.

Recommendations For Ivanti Endpoint Manager versions prior to 2022 SU6 or the 2024 September update, update to the latest version to address the vulnerability. As a temporary workaround, consider restricting access to the agent portal to minimize the risk of exploitation.