Ivanti Endpoint Manager SQL Injection Vulnerability Allowing Remote Code Execution

A SQL injection vulnerability has been identified in Ivanti Endpoint Manager (EPM) versions prior to the January 2024-2025 Security Update and the 2022 SU6 January-2025 Security Update. This vulnerability allows remote authenticated attackers with admin privileges to execute code remotely. The issue arises from incomplete fixes related to a previous vulnerability, CVE-2024-32848.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Remediation

Users should apply the hot patches available for their respective EPM version. The hot patch for EPM 2024 can be downloaded from the Ivanti License System (ILS) and should be applied to the core server and remote consoles. For EPM 2022 SU6, a similar hot patch is also available through ILS. After applying the patch, the core server should be rebooted.