Ivanti - Vulnerabilidades
VSA24-01078Desde el CSIRT de Gobierno informamos frecuentemente de vulnerabilidades importantes que pueden afectar sus aplicaciones, datos o equipos.
Ivanti lanzó actualizaciones de seguridad que parchan varias vulnerabilidades en sus productos Endpoint Manager, Cloud Service Appliance y Workspace Control.
Vulnerabilidades
| ID | CVSS | EPSS |
|---|---|---|
| CVE-2024-29847 | 10.0 | |
| CVE-2024-32840 | 9.1 | |
| CVE-2024-37397 | 8.2 | |
| CVE-2024-32842 | 9.1 | |
| CVE-2024-32843 | 9.1 | |
| CVE-2024-32845 | 9.1 | |
| CVE-2024-32846 | 9.1 | |
| CVE-2024-32848 | 9.1 | |
| CVE-2024-34779 | 9.1 | |
| CVE-2024-34783 | 9.1 | |
| CVE-2024-34785 | 9.1 | |
| CVE-2024-8191 | 7.8 | |
| CVE-2024-8441 | 6.7 | |
| CVE-2024-8321 | 5.8 | |
| CVE-2024-8320 | 5.3 | |
| CVE-2024-8322 | 4.3 | |
| CVE-2024-8012 | 7.8 | |
| CVE-2024-44105 | 8.2 | |
| CVE-2024-44104 | 8.8 | |
| CVE-2024-44107 | 8.8 | |
| CVE-2024-44103 | 8.8 | |
| CVE-2024-44103 | 8.8 | |
| CVE-2024-8190 | 7.2 |
Versiones Afectadas
| Producto | Versiones |
|---|---|
| Ivanti Endpoint Manager (EPM) |
|
| Ivanti Cloud Service Appliance (CSA) |
|
| Ivanti Workspace Control (IWC) |
|
Mitigación
Seguir las instrucciones en https://www.ivanti.com/blog/september-2024-security-update