CVE-2024-8191: 
Ivanti Endpoint Manager vulnerability analysis and mitigation

A critical SQL injection vulnerability (CVE-2024-8191) was discovered in the management console of Ivanti Endpoint Manager (EPM). The vulnerability affects versions before 2022 SU6 and prior to the 2024 September update. This security flaw allows remote unauthenticated attackers to achieve remote code execution (NVD, CVE Mitre).

The vulnerability exists within the implementation of the WasPreviouslyMapped method. The specific flaw stems from the lack of proper validation of user-supplied strings before using them to construct SQL queries, classified as CWE-89 (SQL Injection). The vulnerability has received a CVSS v3.1 base score of 9.8 (CRITICAL) from NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, while Ivanti assigned it a score of 7.8 (HIGH) with vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (ZDI, NVD).

When successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the service account. The high severity ratings indicate that successful exploitation could lead to complete system compromise, with potential impacts on the confidentiality, integrity, and availability of the affected system (ZDI).

Ivanti has released security updates to address this vulnerability. Users are advised to upgrade to either EPM 2022 SU6 or apply the 2024 September update, depending on their current version (NVD).