PoC Exploit Emerges for Critical RCE Bug in Ivanti Endpoint Manager

Published: 23/11/2024   Category: security




A new month, a new high-risk Ivanti bug for attackers to exploit — this time, an SQL injection issue in its centralized endpoint manager.



Researchers have developed a proof-of-concept (PoC) exploit for a critical vulnerability in Ivanti Endpoint Manager that was recently disclosed — potentially setting the stage for mass exploitation of the devices.
CVE-2024-29824, an SQL injection bug, was first discovered by an independent researcher and sold to Trend Micro's Zero Day Initiative (ZDI). ZDI informed Ivanti of the issue on April 3.
It affects the company's centralized endpoint management solution, an attractive target for any hacker interested in compromising many devices across an organization from one launch point. The issue allows unauthenticated attackers to perform remote code execution (RCE) in the program, earning it a critical 9.8 out of 10 CVSS score.
"Endpoint Manager is usually elevated, so this really allows you to take over an Ivanti system," says Dustin Childs, head of threat awareness at ZDI. "From there, they would be able to affect other systems and do whatever you're using the Endpoint Manager to do."
The specific flaw lay in RecordGoodApp, a method within a dynamic link library (DLL) file called PatchBiz, contained within the program's core server. As outlined in a new blog post from Horizon3.ai, which published the PoC on GitHub, an attacker can take advantage of RecordGoodApp's very first string, which does not sufficiently validate user input data before constructing SQL queries. They demonstrated as much by sending a fairly trivial request to an endpoint handling events, convincing it to run Windows Notepad.
Few organizations in cybersecurity history have been taken to task like Ivanti this year. Initially there were a couple of zero-day vulnerabilities, then another, then a whole lot more. Patches rolled in slowly and exploits skyrocketed, including some especially high-profile cases. Then, just as the bad press was finally starting to die down, this latest vulnerability arrived, posing as much risk to corporations as any that had come before.
The good news: Childs emphasizes that, despite Ivanti's recent troubles, it handled this latest vulnerability by the book.
"It's not like we had to convince them [to patch]. We reported it to them, and they immediately got on it. They produced a patch within six weeks. That's about as good as you're going to see," he says. "So yes, they've had a lot of security problems this year, but they have made tremendous strides in addressing those problems in a very timely manner."
Ivanti published a patch for CVE-2024-29824 alongside its disclosure on May 24. Customers who haven't yet would be well advised to implement it as soon as possible, since threat actors have a history of piling on Ivanti vulnerabilities anyway, and an available, working PoC will likely spur them on further.
Besides patching, organizations can also focus on keeping their management interfaces protected from the wider Web. "Make sure that if your Endpoint Manager is Internet accessible, you restrict it to some very specific IP addresses that are [trusted]," Childs says.
