Alert essentials:

Critical absolute path traversal vulnerabilities in Ivanti Endpoint Manager allow remote, unauthenticated attackers to gain unauthorized access to files outside the application's intended scope.

Apply hot patch fixes immediately to avoid exfiltration of sensitive files.


Detailed threat description:

Two Ivanti Patch Management fixes correcting 16 vulnerabilities have been released. Four of the weaknesses are absolute path traversals, which allow remote, unauthenticated attackers to access files and directories outside the application’s intended scope.

This unauthorized access can lead to the leakage of sensitive information, including configuration files, user data, and system files, potentially compromising the system’s confidentiality and integrity.

The remaining 12 vulnerabilities patched are high-severity vulnerabilities that allow remote attackers to elevate privileges, achieve remote code execution, or cause denial of service. Details of each are found in Ivanti’s advisory. Customers should apply the hot patches for their EPM version immediately.

A Security Hot Patch can be applied for the EPM 2024 flat. This Hot Patch is only supported for the 2024 flat; it is cumulative and includes the previous 2024 flat security fixes. This Hot Patch can be run on the EPM Core and Remote Console as it will detect the type of installation and install the correct files. These CVEs will be resolved in future EPM releases.

A Security Hot Patch is available for EPM 2022 SU6 and can be applied. This Hot Patch is only supported for 2022 SU6; it is cumulative and includes the previous 2022 SU6 security fixes.

This Hot Patch can be run on the EPM Core and Remote Console. It detects the type of installation and installs the correct files. Future EPM releases will resolve these CVEs.

Ivanti reports that it is not aware of exploitation of these vulnerabilities, but it urges customers to apply the hot patches as soon as possible, because Ivanti products are known targets for threat actors.

Impacts on healthcare organizations:

Healthcare networks must prioritize mitigating these vulnerabilities, as the potential for harm is substantial, including possible exposure to electronic protected health information (ePHI) and unavailable systems.

Proactive measures, including timely updates and security hardening, are critical to minimizing the risk.


Affected Products / Versions:

Ivanti Endpoint Manager 2022 SU6 November security update and prior.

Ivanti Endpoint Manager 2024 November security update and prior.

CVE               CWE                                    CVSS
CVE-2024-10811    CWE-36 (Absolute Path Traversal)       9.8
CVE-2024-13159    CWE-36 (Absolute Path Traversal)       9.8
CVE-2024-13160    CWE-36 (Absolute Path Traversal)       9.8
CVE-2024-13161    CWE-36 (Absolute Path Traversal)       9.8


Recommendations

Engineering recommendations:

  • Until the patches are applied, restrict network access to systems running Ivanti Endpoint Manager using firewall rules or network segmentation
  • Download the security hot patch zip file for your EPM version; it includes Ivanti's installation instructions
  • Close the EPM Console
  • Extract the folder, open PowerShell as an administrator, and run Deploy.ps1
  • Reboot the Core Server
  • Restrict access to critical systems and files through robust access control mechanisms
  • Segregate critical healthcare systems (e.g., electronic health records, medical devices) from other network segments to limit lateral movement during a potential breach
  • Limit user and system access rights to only what is necessary for their roles, reducing the risk of sensitive data exposure
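The hot patch steps above, wrapped in a PowerShell script with the checks an operator would want (elevation, the console-closed step, locating Deploy.ps1, a transcript for the change ticket, and a controlled reboot). This is an added example, not code from Fortified or Ivanti; the zip path and extraction folder are placeholders, and it assumes Deploy.ps1 takes no arguments, as the advisory describes.

```powershell
# Added example (not from the advisory or from Ivanti): runs the EPM hot patch steps
# with basic checks. Assumptions: $HotPatchZip is a placeholder path supplied by the
# operator, and Deploy.ps1 is invoked with no arguments.
#Requires -RunAsAdministrator
param(
    [Parameter(Mandatory)] [string] $HotPatchZip,                     # e.g. C:\Temp\EPM-HotPatch.zip (placeholder)
    [string] $ExtractTo = (Join-Path $env:TEMP 'EPM-HotPatch')        # extraction folder (placeholder)
)

$ErrorActionPreference = 'Stop'

# Step 1: the EPM Console must be closed before patching. The advisory does not name the
# console's process, so the operator confirms this manually rather than the script guessing.
if ((Read-Host 'Is the EPM Console closed on this host? (y/N)') -notmatch '^[Yy]') {
    throw 'Close the EPM Console, then re-run this script.'
}

# Step 2: extract the hot patch zip (read the bundled Ivanti instructions first).
if (-not (Test-Path -Path $HotPatchZip)) { throw "Hot patch zip not found: $HotPatchZip" }
Expand-Archive -Path $HotPatchZip -DestinationPath $ExtractTo -Force

# Step 3: locate Deploy.ps1 in the extracted folder. Per the advisory it detects whether
# this is a Core or Remote Console installation itself, so no arguments are passed.
$deploy = Get-ChildItem -Path $ExtractTo -Filter 'Deploy.ps1' -Recurse | Select-Object -First 1
if (-not $deploy) { throw "Deploy.ps1 not found under $ExtractTo" }

# Keep a transcript so the change-management record shows exactly what ran and when.
$log = Join-Path $ExtractTo ('deploy-{0:yyyyMMdd-HHmmss}.log' -f (Get-Date))
Start-Transcript -Path $log | Out-Null
try {
    Push-Location $deploy.DirectoryName
    & $deploy.FullName            # any terminating error here stops the script (ErrorActionPreference)
    Write-Host "Deploy.ps1 finished; transcript saved to $log"
}
finally {
    Pop-Location
    Stop-Transcript | Out-Null
}

# Step 4: reboot the Core Server. Prompt rather than reboot silently so the operator
# controls the maintenance window.
if ((Read-Host 'Reboot the server now? (y/N)') -match '^[Yy]') { Restart-Computer -Force }
```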

Leadership/Program recommendations:

  • Instruct IT leaders to immediately apply the January 2025 security updates released by Ivanti for Endpoint Manager
  • Update and test the healthcare organization’s incident response plan, focusing on rapid containment and recovery from security breaches
  • Implement a robust backup and disaster recovery plan, ensuring backups are frequent, secure, and tested for restoration
  • Assess the security posture of third-party vendors connected to the healthcare network
  • Ensure that cybersecurity is embedded into the organization’s overall strategy

Fortified recommends applying patches and updates where possible and only after adequate testing in a development environment to ensure stability and compliance with organizational change management policies.


References: