Ivanti Endpoint Manager Privilege Escalation Vulnerability via Insecure Deserialization

Vulnerability

A vulnerability allowing privilege escalation through insecure deserialization has been identified in Ivanti Endpoint Manager (EPM) versions 2024 SU3 SR1 and prior, as well as in the now End-of-Life 2022 SU8 SR2 and prior versions. This vulnerability allows a local authenticated attacker to escalate privileges on the affected system.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing an attacker to gain elevated rights or access within the application or system.

Remediation

Users of Ivanti Endpoint Manager 2024 SU3 SR1 have a significantly reduced risk due to important security enhancements. For those on versions 2022 SU8 SR2 and prior, which are End-of-Life, it is recommended to upgrade to the latest version of Ivanti EPM 2024. Administrators can also remove the Reporting database user from their configuration to address this vulnerability, but this will disable reporting functionality.

Added: Oct 13, 2025, 9:24 PM
Updated: Oct 13, 2025, 9:24 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 5.0
exploitability: 3.5
remediation: 8.3
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.