Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
History

Thu, 12 Sep 2024 22:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 12 Sep 2024 22:15:00 +0000

Type Values Removed Values Added
First Time appeared Ivanti
Ivanti endpoint Manager
Weaknesses CWE-502
CPEs cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su1:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su2:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su3:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su4:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su5:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2024:-:*:*:*:*:*:*
Vendors & Products Ivanti
Ivanti endpoint Manager
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Thu, 12 Sep 2024 01:45:00 +0000

Type Values Removed Values Added
Description Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
References
Metrics cvssV3_0

{'score': 10, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2024-09-12T01:09:56.277Z

Updated: 2024-09-17T03:55:12.223Z

Reserved: 2024-03-21T01:04:07.089Z

Link: CVE-2024-29847

cve-icon Vulnrichment

Updated: 2024-09-12T21:18:41.042Z

cve-icon NVD

Status : Modified

Published: 2024-09-12T02:15:02.077

Modified: 2024-09-12T22:35:00.440

Link: CVE-2024-29847

cve-icon Redhat

No data.