Analytics Story: Ivanti EPM Vulnerabilities
Description
This analytic story covers various vulnerabilities identified in Ivanti Endpoint Manager (EPM), including but not limited to SQL injection, remote code execution, and privilege escalation. These vulnerabilities can potentially be exploited by adversaries to gain unauthorized access, execute arbitrary code, and compromise the security of managed endpoints.
Why it matters
Ivanti Endpoint Manager (EPM) is a comprehensive solution for managing and securing enterprise endpoints. However, like any complex software, it is not immune to vulnerabilities. This story aggregates multiple CVEs affecting Ivanti EPM, providing insights into different types of security weaknesses such as SQL injection, remote code execution, and privilege escalation. By understanding and monitoring these vulnerabilities, organizations can better protect their infrastructure from potential attacks and ensure the integrity and security of their managed devices.
Detections
| Name | Technique | Type |
|---|---|---|
| Ivanti EPM SQL Injection Remote Code Execution | Exploit Public-Facing Application | TTP |
Data Sources
| Name | Platform | Sourcetype | Source |
|---|---|---|---|
| Suricata | N/A | suricata |
suricata |
References
- https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29824
- https://github.com/projectdiscovery/nuclei-templates/pull/10020/files
Source: GitHub | Version: 1