VDB
CVE-2024-29847
CVE-2024-29847
PUBLISHED
Es besteht eine Schwachstelle in Ivanti Endpoint Manager aufgrund der Deserialisierung von nicht vertrauenswürdigen Daten im Agentenportal. Ein entfernter, anonymer Angreifer kann diese Schwachstelle zur Ausführung von beliebigem Code ausnutzen.
EPSS 69.71% · 98.7th percentile
Risk Scores
EPSS Score
69.71%
98.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ivanti | Ivanti Endpoint Manager <2022 SU6 | |
| Ivanti | Ivanti Endpoint Manager <2024 SU1 | |
| Ivanti | Ivanti Endpoint Manager <2024 Security Patch |
Timeline
- Sep 10, 2024 CVE Published
- Sep 11, 2024 PoC Published
- Sep 12, 2024 EPSS Score
- Sep 16, 2024 PoC Published
- Sep 16, 2024 CVE Updated
- Oct 2, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Nov 10, 2024 EPSS Score
- Nov 30, 2024 EPSS Score
- Dec 22, 2024 Coalition ESS Score
- Jan 10, 2025 EPSS Score
- Jan 20, 2025 Coalition ESS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-2109.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2109 advisory
- https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?language=en_US advisory
- https://summoning.team/blog/ivanti-epm-cve-2024-29847-deserialization-rce/ advisory