CVE-2024-29824
Published: 31 May 2024
Summary
CVE-2024-29824 is a high-severity SQL Injection (CWE-89) vulnerability in Ivanti Endpoint Manager. Its CVSS base score is 8.8 (High).
Operationally, it ranks in the top 0.1% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-29824 is an unspecified SQL injection vulnerability, tracked under CWE-89, that affects the Core server component of Ivanti EPM 2022 SU5 and earlier versions. The flaw carries a CVSS 3.1 score of 8.8 and permits unauthenticated remote code execution when exploited.
An attacker positioned on the same network segment as the vulnerable server can send crafted requests that trigger the injection, resulting in arbitrary code execution with no user interaction or credentials required. Successful exploitation grants the attacker full control over the affected Core server process and its data.
Ivanti’s May 2024 security advisory directs customers to apply the vendor-supplied patches for EPM 2022 SU6 and later releases. The vulnerability is also listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild.
The associated EPSS score has reached a peak of 0.9409 and currently stands at 0.9397, indicating sustained and elevated exploitation interest since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-26818
Vulnerability details
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
- CWE(s)
- KEV Date Added: 02 October 2024
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly requires validation of all inputs to the Core server, blocking the crafted SQL payloads that enable unauthenticated code execution.
Mandates timely application of vendor patches that remediate the SQL injection flaw in Ivanti EPM 2022 SU5 and earlier.
Enforces boundary controls that can restrict or deny network-adjacent unauthenticated traffic from reaching the vulnerable Core server.