Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Ivanti patches serious endpoint management software security bugs, so update now

A person's fingers type at a keyboard, with a digital security screen with a lock on it overlaid.

Ivanti has released a patch for a critical security vulnerability, advising users to apply it immediately to secure their infrastructure.

In an advisory, Ivanti said it had uncovered a deserialization of untrusted data weakness in its Endpoint Management (EPM) agent portal. The vulnerability is tracked as CVE-2024-29847 and carries a maximum severity score.

Ivanti said the bug allows unauthenticated threat actors to remotely execute malicious code on the core server: "Successful exploitation could lead to unauthorized access to the EPM core server," the company explained. The good news is that there is no evidence of the bug being exploited in the wild (yet) - and users should look for Ivanti EPM 2024 hot patches, as well Ivanti EPM 2022 Service Update 6 (SU6), since these address the problem.

Fixing numerous bugs

Ivanti Endpoint Management is a software solution that helps organizations manage, secure, and optimize devices across their networks. It allows IT teams to automate tasks such as software deployment, patch management, and device configuration while ensuring endpoint security and compliance.

The platform supports various operating systems, including Windows, macOS, and mobile devices, and offers centralized control for streamlined management. By using Ivanti, businesses can reduce IT complexity, enhance device performance, and minimize security risks across their endpoint infrastructure.

Together with this flaw, Ivanti has addressed numerous other bugs, including a number of critical severity vulnerabilities in Ivanti EPM, Workspace Control (IWC), and Cloud Service Appliance (CSA). The company says none of these flaws were abused in the wild.

However, now with the news of the vulnerabilities out there, it’s only a matter of time before someone steps up with a Proof-of-Concept and starts scanning for flawed endpoints. Ivanti’s products are used by more than 40,000 organizations worldwide, and as such, is a major target.

Via BleepingComputer

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.