REDLEGG BLOG

Emergency Security Bulletin: Microsoft & Ivanti Vulnerabilities

11/18/24 2:34 PM  |  by RedLegg's Cyber Threat Intelligence Team

About:

RedLegg occasionally communicates vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats that we classify at the highest severity level and that warrant out-of-band emergency patching or mitigation action.


VULNERABILITIES

.NET and Visual Studio Remote Code Execution Vulnerability

CVSS Score: 9.8 (Critical)
Identifier: CVE-2024-43498
Exploit or POC: No known public proof of concept has been reported.
Update: CVE-2024-43498 – Microsoft Security Update Guide

Description: CVE-2024-43498 is a critical vulnerability in .NET and Visual Studio that allows remote code execution. An attacker could exploit this vulnerability by sending specially crafted requests to a vulnerable .NET web application or by loading a malicious file into a vulnerable desktop application. Successful exploitation could grant the attacker control over the affected system.

Mitigation Recommendation: Patching is currently the only method of mitigation. Please update to the latest software versions as listed in the Microsoft Security Update Guide. Immediate patching is recommended to prevent potential exploitation.


Ivanti Connect Secure and Policy Secure Command Injection Vulnerability

CVSS Score: 9.1 (Critical)
Identifier: CVE-2024-11005
Exploit or POC: No known public proof of concept has been reported.
Update: CVE-2024-11005 – National Vulnerability Database

Description: CVE-2024-11005 is a critical command injection vulnerability in Ivanti Connect Secure versions prior to 22.7R2.1 and Ivanti Policy Secure versions prior to 22.7R1.1. This flaw allows a remote authenticated attacker with administrative privileges to execute arbitrary commands on the affected system. Exploitation of this vulnerability could lead to full system compromise, unauthorized data access, and potential disruption of services.

Mitigation Recommendation: Patching is currently the only method of mitigation. Please update to Ivanti Connect Secure version 22.7R2.1 or later, and Ivanti Policy Secure version 22.7R1.1 or later, as detailed in the National Vulnerability Database. Immediate patching is recommended to prevent potential exploitation.
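The fixed-version thresholds above can be checked against an appliance inventory. The following is an added example, not RedLegg's or Ivanti's code; it assumes version strings of the form `<major>.<minor>R<release>[.<patch>]`, and the hostnames, inventory rows and function names are constructed for illustration.

```python
import re

# Fixed versions taken from the bulletin text for CVE-2024-11005.
FIXED = {"connect secure": "22.7R2.1", "policy secure": "22.7R1.1"}

# Assumed version layout: <major>.<minor>R<release>[.<patch>], e.g. 22.7R2.1
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)R(\d+)(?:\.(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Return a comparable (major, minor, release, patch) tuple."""
    m = _VERSION_RE.match(text)
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def needs_patch(product, version):
    """True when the version is older than the fixed release for the product."""
    fixed = FIXED[product.strip().lower()]
    return parse_version(version) < parse_version(fixed)


def triage(inventory):
    """Split (host, product, version) rows into patch / ok / review lists."""
    result = {"patch": [], "ok": [], "review": []}
    for host, product, version in inventory:
        try:
            bucket = "patch" if needs_patch(product, version) else "ok"
        except (KeyError, ValueError):
            # Unknown product or unparsable version: a person has to look.
            bucket = "review"
        result[bucket].append(host)
    return result


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("vpn-edge-01", "Connect Secure", "22.7R2.1"),
    ("vpn-edge-02", "Connect Secure", "22.7R2"),
    ("vpn-edge-03", "Connect Secure", "9.1R18.9"),
    ("nac-01", "Policy Secure", "22.7R1.1"),
    ("nac-02", "Policy Secure", "22.7R1"),
    ("vpn-lab-01", "Connect Secure", "22.7R2.1-hotfix"),
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Rows that land in `review` have a version string the assumed pattern does not cover and should be confirmed on the appliance itself rather than treated as patched.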


Ivanti Endpoint Manager SQL Injection Vulnerability

CVSS Score: 9.8 (Critical)
Identifier: CVE-2024-50330
Exploit or POC: No known public proof of concept has been reported.
Update: CVE-2024-50330 – National Vulnerability Database

Description: CVE-2024-50330 is a critical SQL injection vulnerability in Ivanti Endpoint Manager versions prior to the November 2024 Security Update. This flaw allows a remote, unauthenticated attacker to execute arbitrary code on the affected system by exploiting improper input validation in SQL queries. Successful exploitation could lead to full system compromise, unauthorized data access, and potential disruption of services.

Mitigation Recommendation: Patching is currently the only method of mitigation. Please update to the latest software versions as listed in the National Vulnerability Database. Immediate patching is recommended to prevent potential exploitation.
