Critical Vulnerabilities in Ivanti Endpoint Manager and Endpoint Manager for Mobile

Ivanti has released patches for multiple high-severity vulnerabilities affecting its Endpoint Manager (EPM) and Endpoint Manager for Mobile (EPMM) products. The most critical among these is an SQL injection flaw tracked as CVE-2024-37381, which affects the Core server of EPM 2024 flat. This vulnerability, with a CVSS score of 8.4, allows authenticated attackers with network access to execute arbitrary code.


SQL Injection Flaw in Endpoint Manager (CVE-2024-37381)

The SQL injection vulnerability, CVE-2024-37381, is considered highly critical due to its potential impact. An attacker with authenticated access within the network can exploit this flaw to execute arbitrary code on the Core server of EPM 2024 flat. Ivanti has released a hotfix for this vulnerability, applicable only to EPM 2024 flat, and plans to ship full security updates addressing it in future releases.

The hotfix includes updates to the PatchApi.dll and MBSDKService.dll files. Users must download the Security Hot Patch files, unblock the DLL files using PowerShell, and replace the original DLLs on the Core Server. After implementing these steps, rebooting the Core Server or running IISRESET is required to load the new DLLs.


Vulnerabilities in Endpoint Manager for Mobile (EPMM)

In addition to the SQL injection flaw, Ivanti has patched four other vulnerabilities impacting all versions of its Endpoint Manager for Mobile (EPMM). Three of these are high-severity flaws:

  1. CVE-2024-36130: Allows attackers within the network to execute arbitrary commands on the underlying operating system of the appliance.
  2. CVE-2024-36131: Similar to CVE-2024-36130, it enables command execution on the OS.
  3. CVE-2024-36132: Leads to authentication bypass and sensitive information disclosure.

EPMM versions 11.12.0.3, 12.0.0.3, and 12.1.0.1 address these high-severity vulnerabilities along with a medium-severity improper authentication issue (CVE-2024-37403). This improper authentication flaw could allow attackers to access sensitive information.


Dirty Stream Vulnerability in Docs@Work for Android (CVE-2024-37403)

Ivanti has also patched a medium-severity vulnerability in its Docs@Work for Android product, tracked as CVE-2024-37403. This path traversal vulnerability, referred to as Dirty Stream, could allow malicious applications to overwrite files in other applications’ home directories, potentially leading to code execution. The updated Docs@Work for Android version 2.26.1 addresses this flaw.


Security Advisory Details

The table below provides detailed information on the key vulnerabilities patched:

| CVE | Description | CVSS Score |
|---|---|---|
| CVE-2024-37381 | SQL Injection in Core server of Ivanti EPM 2024 flat, allowing authenticated network attackers to execute arbitrary code | 8.4 |
| CVE-2024-36130 | Arbitrary command execution on the OS by network attackers | High |
| CVE-2024-36131 | Arbitrary command execution on the OS by network attackers | High |
| CVE-2024-36132 | Authentication bypass and sensitive information disclosure | High |
| CVE-2024-37403 | Path traversal in Docs@Work for Android, allowing malicious applications to overwrite files | Medium |

Mitigation and Resolution

For EPM 2024 flat, the Security Hot Patch must be applied by downloading the patch files, unblocking the DLL files, replacing the original DLLs, and rebooting the Core Server or running IISRESET. For EPMM, users should update to the latest patched versions (11.12.0.3, 12.0.0.3, and 12.1.0.1). Docs@Work for Android users should upgrade to version 2.26.1 to mitigate the Dirty Stream vulnerability.
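The hot patch steps for EPM 2024 flat (unblock, replace, restart), written out as an added PowerShell example that is not Ivanti's script and not part of the original post. The `$PatchDir` and `$Installed` parameters are assumptions: the page does not give the DLL locations on the Core Server, so they must come from the hotfix instructions.

```powershell
# Added example, not Ivanti's script. $PatchDir and $Installed are assumptions: the
# page does not give the DLL locations, so take them from the hotfix instructions.
param(
    [Parameter(Mandatory)] [string]    $PatchDir,   # folder with the downloaded hot patch DLLs
    [Parameter(Mandatory)] [hashtable] $Installed   # e.g. @{ 'PatchApi.dll' = '<full path on Core Server>' }
)
$ErrorActionPreference = 'Stop'
$backup = Join-Path $PatchDir ('backup-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))
New-Item -ItemType Directory -Path $backup | Out-Null

foreach ($name in 'PatchApi.dll', 'MBSDKService.dll') {   # files named in the advisory
    $new = Join-Path $PatchDir $name
    $old = $Installed[$name]
    if (-not (Test-Path -LiteralPath $new)) { throw "Missing patch file: $new" }
    if (-not $old -or -not (Test-Path -LiteralPath $old)) { throw "No installed path for $name" }

    # Unblock: remove the Zone.Identifier stream (mark-of-the-web) from the download.
    Unblock-File -LiteralPath $new
    if (Get-Item -LiteralPath $new -Stream Zone.Identifier -ErrorAction SilentlyContinue) {
        throw "$name is still blocked"
    }

    # Check the Authenticode signature before deploying; warn instead of failing
    # because the page does not say how the hotfix DLLs are signed.
    $sig = Get-AuthenticodeSignature -LiteralPath $new
    if ($sig.Status -ne 'Valid') { Write-Warning "$name signature status: $($sig.Status)" }

    # Back up the original for rollback, replace it, then confirm the copy by hash.
    Copy-Item -LiteralPath $old -Destination (Join-Path $backup $name)
    Copy-Item -LiteralPath $new -Destination $old -Force
    $want = (Get-FileHash -LiteralPath $new -Algorithm SHA256).Hash
    $got  = (Get-FileHash -LiteralPath $old -Algorithm SHA256).Hash
    if ($got -ne $want) { throw "Hash mismatch after replacing $old" }
    [pscustomobject]@{ File = $old; SHA256 = $got; Signer = $sig.SignerCertificate.Subject }
}

# Load the new DLLs: restart IIS here, or reboot the Core Server instead.
iisreset
```

The emitted objects give a per-file record of what was deployed, and the timestamped backup folder under `$PatchDir` holds the original DLLs for rollback.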


Ivanti assures that there is no known public exploitation of these vulnerabilities at the time of disclosure. Customers are encouraged to review the advisory and apply the necessary patches promptly. For additional support, users can log a case or request a call via the Success Portal.

For more detailed information, refer to the Ivanti Security Advisory.




Copyright © Netizen Corporation. All Rights Reserved.