Ivanti patches serious endpoint management software security bugs, so update now

Ivanti has released a patch for a critical security vulnerability, advising users to apply it immediately to secure their infrastructure.

In an advisory, Ivanti said it had uncovered a deserialization of untrusted data weakness in its Endpoint Management (EPM) agent portal. The vulnerability is tracked as CVE-2024-29847 and carries a maximum severity score.

Ivanti said the bug allows unauthenticated threat actors to remotely execute malicious code on the core server: "Successful exploitation could lead to unauthorized access to the EPM core server," the company explained. The good news is that there is no evidence of the bug being exploited in the wild (yet). Users should look for Ivanti EPM 2024 hot patches, as well as Ivanti EPM 2022 Service Update 6 (SU6), since these address the problem.

Fixing numerous bugs

Ivanti Endpoint Management is a software solution that helps organizations manage, secure, and optimize devices across their networks. It allows IT teams to automate tasks such as software deployment, patch management, and device configuration while ensuring endpoint security and compliance.

The platform supports various operating systems, including Windows, macOS, and mobile devices, and offers centralized control for streamlined management. By using Ivanti, businesses can reduce IT complexity, enhance device performance, and minimize security risks across their endpoint infrastructure.

Together with this flaw, Ivanti has addressed numerous other bugs, including a number of critical severity vulnerabilities in Ivanti EPM, Workspace Control (IWC), and Cloud Service Appliance (CSA). The company says none of these flaws were abused in the wild.

However, now that news of the vulnerabilities is out, it’s only a matter of time before someone steps up with a Proof-of-Concept and starts scanning for flawed endpoints. Ivanti’s products are used by more than 40,000 organizations worldwide, and as such, the company is a major target.

Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
