CISA Alerts Agencies to Patch Actively Exploited Ivanti Endpoint Manager Vulnerability
CISA issued a warning to federal agencies urging them to patch a security vulnerability in Ivanti's Endpoint Manager (EPM) software that is being actively exploited by attackers.
The flaw, identified as CVE-2024-29824, has a severity rating of 9.6 out of 10.0 on the CVSS scale, indicating its critical nature.
According to Ivanti, the vulnerability allows unauthenticated attackers to execute malicious code through an unspecified SQL Injection flaw in the Core server of Ivanti EPM 2022 SU5 and earlier versions.
Attack research firm Horizon3.ai published details of a proof-of-concept (PoC) exploit in June, demonstrating how the vulnerability can lead to remote code execution by manipulating an SQL query statement in a specific DLL component of the software.
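The advisory describes the flaw only as an unspecified SQL injection in the Core server, so the following is a generic illustration of that vulnerability class and its fix, added here as an example; it is not Ivanti's code and says nothing about the actual DLL. The table, rows and the hypothetical lookup functions are constructed for the demonstration, using an in-memory SQLite database so it runs offline. The vulnerable form concatenates untrusted input into the statement text, so a crafted value changes the query's logic; the parameterized form binds the same value as data and returns nothing for it.

```python
import sqlite3

# Constructed in-memory database standing in for an application table.
# Generic SQL injection illustration, not Ivanti code (assumption: hypothetical schema).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE devices (id INTEGER PRIMARY KEY, name TEXT, owner TEXT)")
    conn.executemany(
        "INSERT INTO devices (name, owner) VALUES (?, ?)",
        [("laptop-01", "alice"), ("laptop-02", "bob"), ("server-01", "admin")],
    )
    return conn

def lookup_vulnerable(conn, name):
    # Vulnerable pattern: the caller-controlled value becomes part of the SQL text,
    # so quote characters in it are parsed as SQL syntax rather than as data.
    query = "SELECT name, owner FROM devices WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(query).fetchall()]

def lookup_parameterized(conn, name):
    # Hardened pattern: the value travels as a bound parameter; the database engine
    # never interprets its contents as SQL, so the query shape cannot be altered.
    rows = conn.execute(
        "SELECT name, owner FROM devices WHERE name = ?", (name,)
    ).fetchall()
    return [row[0] for row in rows]

def compare(name):
    # Run the same input through both lookups and return the two result lists,
    # which makes the difference in behaviour directly comparable.
    return lookup_vulnerable(make_db(), name), lookup_parameterized(make_db(), name)

if __name__ == "__main__":
    benign = "laptop-01"
    # Constructed input containing a quote and a tautology, the textbook injection case.
    crafted = "laptop-01' OR '1'='1"
    print("benign  :", compare(benign))
    print("crafted :", compare(crafted))
```

With the benign value both functions return the single matching row; with the crafted value the concatenated query returns every row while the parameterized one returns none. Parameterization is the primary fix, but as defense in depth the account the application uses to reach the database should hold the least privilege needed, so that a query that does slip through cannot be turned into code execution on the server.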
Although the exact exploitation method remains unknown, Ivanti confirmed that customers are being targeted and updated the advisory accordingly.
Recent reports indicate that several other Ivanti vulnerabilities, including CVE-2024-8190, CVE-2024-8963, and CVE-2024-7593, have also been actively exploited, underscoring the importance of promptly updating Ivanti appliances to mitigate these risks.
By October 23, 2024, federal agencies are required to upgrade to the latest software version to protect their networks from potential threats.