WARNING: IVANTI PATCHED MULTIPLE VULNERABILITIES IN IVANTI EPM, IVANTI APPLICATION CONTROL ENGINE AND IVANTI AVALANCHE, PATCH IMMEDIATELY!
Ivanti EPM
- CVE-2024-10811: CVSS 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
- CVE-2024-13161: CVSS 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
- CVE-2024-13160: CVSS 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
- CVE-2024-13159: CVSS 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Ivanti Application Control Engine
- CVE-2024-10630: CVSS 7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Ivanti Avalanche
- CVE-2024-13181: CVSS 7.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
- CVE-2024-13180: CVSS 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
- CVE-2024-13179: CVSS 7.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Sources
Ivanti EPM - https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6?language=en_US
Ivanti Application Control Engine - https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Application-Control-Engine-CVE-2024-10630?language=en_US
Ivanti Avalanche - https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-7-Multiple-CVEs?language=en_US
Risks
Ivanti released three vulnerability advisories for Ivanti EPM, Ivanti Application Control Engine and Ivanti Avalanche. The advisories cover multiple vulnerabilities patched in these products. 16 vulnerabilities were patched in Ivanti EPM, 1 vulnerability in Ivanti Application Control Engine and 3 vulnerabilities in Ivanti Avalanche.
The most severe vulnerabilities addressed include four absolute path traversal flaws in Ivanti EPM, which could enable remote, unauthenticated attackers to expose sensitive information.
Description
Recommended actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Update: 2025-02-21
Ivanti published a V2 of the patch for the abovementioned vulnerabilities. Applying the original patch (EPM_2024_Flat_Jan_2025_Patch.zip and EPM_2022_SU6_Jan_2025_Patch.zip) caused a known issue with Windows Action in Software Distribution. More specifically, the "Actions" tab was not visible, thus preventing users from creating new Windows Action packages or editing existing ones. Please note that existing packages continue to function as expected.
- For more information and to follow the progress of this known issue, see 104977: Unable to Modify Windows Actions After Applying January Security Advisory Hot Patch
Ivanti updated this patch to a V2 version that restores the "Actions" tab. If the original version was installed, V2 needs to be installed as well to restore the "Actions" tab.
Because of the changes made in the V2 patch, some changes are needed for Windows Action packages to be fully functional again. Please see Change to Windows Action Packages in January 2025 Hot Patch for more information.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.