Horizon3ai Chief Attack Engineer Zach Hanley and the Horizon3.ai Attack Team have just published “CVE-2024-29824 Deep Dive: Ivanti EPM SQL Injection Remote Code Execution Vulnerability.” Their POC can be found here.
Ivanti Endpoint Manager (EPM) is an enterprise endpoint management solution that enables centralized management of devices within an organization. Ivanti is a widely deployed secure access solution across enterprise functions and divisions to reduce costs, optimize service performance, and help support a secure and agile environment.
On May 24, 2024, the Zero Day Initiative (ZDI) and Ivanti released the advisory “Ivanti Endpoint Manager RecordGoodApp SQL Injection Remote Code Execution Vulnerability” describing a SQL injection resulting in remote code execution with a CVSS score of 9.8.
Related
This entry was posted on June 13, 2024 at 8:38 pm and is filed under Commentary with tags horizon3.ai. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Horizon3.ai Has A Deep Dive & POC For Ivanti Endpoint Mgr. SQL Injection RCE Vulnerability
Horizon3ai Chief Attack Engineer Zach Hanley and the Horizon3.ai Attack Team have just published “CVE-2024-29824 Deep Dive: Ivanti EPM SQL Injection Remote Code Execution Vulnerability.” Their POC can be found here.
Ivanti Endpoint Manager (EPM) is an enterprise endpoint management solution that enables centralized management of devices within an organization. Ivanti is a widely deployed secure access solution across enterprise functions and divisions to reduce costs, optimize service performance, and help support a secure and agile environment.
On May 24, 2024, the Zero Day Initiative (ZDI) and Ivanti released the advisory “Ivanti Endpoint Manager RecordGoodApp SQL Injection Remote Code Execution Vulnerability” describing a SQL injection resulting in remote code execution with a CVSS score of 9.8.
Share this:
Like this:
Related
This entry was posted on June 13, 2024 at 8:38 pm and is filed under Commentary with tags horizon3.ai. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.