Ivanti Product Security Update Advisory
Overview
An update has been released to address vulnerabilities in Ivanti products. Users of the affected versions are advised to update to the latest version.
Affected Products
CVE-2024-8012, CVE-2024-44103, CVE-2024-44104, CVE-2024-44105, CVE-2024-44106, CVE-2024-44107
- Ivanti Workspace Control versions: ~ 10.18.0.0 (inclusive)
CVE-2024-8190
- Ivanti Cloud Services Appliance version: 4.6 (all versions on or below patch 519)
CVE-2024-8191, CVE-2024-37397, CVE-2024-32840, CVE-2024-32842, CVE-2024-32843, CVE-2024-32845, CVE-2024-32846, CVE-2024-32848, CVE-2024-34779, CVE-2024-34783, CVE-2024-34785, CVE-2024-29847, CVE-2024-8321, CVE-2024-8322
- ivanti EPM versions on or below the September 2024 update
- 2022 SU5 or below versions
Resolved Vulnerabilities
Authentication bypass vulnerability in the Message Broker service allows local authentication attackers to escalate their privileges (CVE-2024-8012)
Vulnerability in the Management Console that allows local authentication attackers to escalate their privileges via DLL hijacking (CVE-2024-44103)
Vulnerability in the management console that could allow a locally authenticated attacker to escalate their privileges due to a poorly implemented authentication scheme that is subject to spoofing attacks (CVE-2024-44104)
Vulnerability in the management console where sending sensitive information in clear text could allow a locally authenticated attacker to obtain OS credentials (CVE-2024-44105)
Lack of server-side controls in the management console could allow local authentication attackers to escalate their privileges (CVE-2024-44106)
DLL hijacking in the management console allows local authentication attackers to escalate privileges and execute arbitrary code (CVE-2024-44107)
OS command injection vulnerability that could allow a remote authenticated attacker to gain remote code execution (CVE-2024-8190)
Ivanti EPM Management Console SQL injection vulnerability that could allow a remote, unauthenticated attacker to achieve remote code execution (CVE-2024-8191)
External XML Entity (XXE) vulnerability in the provisioning web service in Ivanti EPM that allows remote, unauthenticated attackers to leak API secrets (CVE-2024-37397)
Unspecified SQL injection vulnerabilities in Ivanti EPM that allow remote authenticated attackers with administrator privileges to achieve remote code execution (CVE-2024-32840, CVE-2024-32842, CVE-2024-32843, CVE-2024-32845, CVE-2024-32846, CVE-2024-32848, CVE-2024-34779, CVE-2024-34783, CVE-2024-34785)
Deserialization of untrusted data in the agent portal in Ivanti EPM allows remote, unauthenticated attackers to execute remote code (CVE-2024-29847)
A missing authentication in network isolation in Ivanti EPM could allow remote, unauthenticated attackers to isolate managed devices from the network (CVE-2024-8321)
Weak authentication in Ivanti EPM Patch Management could allow remote authenticated attackers to access restricted functionality (CVE-2024-8322)
Vulnerability Patches
The following product-specific Vulnerability Patches have been made available in the latest update. If you are using an affected version, Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.
CVE-2024-8012, CVE-2024-44103, CVE-2024-44104, CVE-2024-44105, CVE-2024-44106, CVE-2024-44107
- Ivanti Workspace Control version: 10.18.99.0
CVE-2024-8190
- Ivanti Cloud Services Appliance version: 5.09 (Recommended)
- Ivanti Cloud Services Appliance version: 4.6 (Patch 519)
CVE-2024-8191, CVE-2024-37397, CVE-2024-32840, CVE-2024-32842, CVE-2024-32843, CVE-2024-32845, CVE-2024-32846, CVE-2024-32848, CVE-2024-34779, CVE-2024-34783, CVE-2024-34785, CVE-2024-29847, CVE-2024-8321, CVE-2024-8322
- Ivanti EPM versions with the 2024 security patches (both July and September are required)
- 2022 SU6 version
References
[1] Security Advisory Ivanti Workspace Control (IWC)
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC?language=en_US
[2] Security Advisory Ivanti Cloud Service Appliance (CSA) (CVE-2024-8190)
[3] Security Advisory EPM September 2024 for EPM 2024 and EPM 2022