Cyber Resilience

CVE-2024-29824

HighCISA KEVActive ExploitationEUVD Exploited

Published: 31 May 2024

Published
31 May 2024
Modified
30 October 2025
KEV Added
02 October 2024
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.9397 99.9th percentile
Risk Priority 94 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-29824 is a high-severity SQL Injection (CWE-89) vulnerability in Ivanti Endpoint Manager. Its CVSS base score is 8.8 (High).

Operationally, ranked in the top 0.1% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-29824 is an unspecified SQL injection vulnerability, tracked under CWE-89, that affects the Core server component of Ivanti EPM 2022 SU5 and earlier versions. The flaw carries a CVSS 3.1 score of 8.8 and permits unauthenticated remote code execution when exploited.

An attacker positioned on the same network segment as the vulnerable server can send crafted requests that trigger the injection, resulting in arbitrary code execution with no user interaction or credentials required. Successful exploitation grants the attacker full control over the affected Core server process and its data.

Ivanti’s May 2024 security advisory directs customers to apply the vendor-supplied patches for EPM 2022 SU6 and later releases. The vulnerability is also listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild.

The associated EPSS score has reached a peak of 0.9409 and currently stands at 0.9397, indicating sustained and elevated exploitation interest since disclosure.

EU & UK References

Vulnerability details

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

CWE(s)
KEV Date Added
02 October 2024

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

ivanti
endpoint manager
2022 · ≤ 2022

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of all inputs to the Core server, blocking the crafted SQL payloads that enable unauthenticated code execution.

prevent

Mandates timely application of vendor patches that remediate the SQL injection flaw in Ivanti EPM 2022 SU5 and earlier.

prevent

Enforces boundary controls that can restrict or deny network-adjacent unauthenticated traffic from reaching the vulnerable Core server.

References