CISA Adds High-Severity Ivanti Vulnerability to KEV Catalog
Ivanti reports that the bug is being actively exploited in the wild for select customers.
One of the latest vulnerabilities that the Cybersecurity and Infrastructure Security Agency (CISA) has added to its Known Exploited Vulnerabilities (KEV) Catalog is CVE-2024-29824, found in Ivanti Endpoint Manager (EPM).
The vulnerability is a SQL injection flaw in the core server of Ivanti EPM 2022 SU5 and prior versions. It allows an unauthenticated attacker within the same network to execute arbitrary code.
It carries a CVSS score of 9.6, which rates as critical.
On Oct. 1, Ivanti updated its security advisory to reflect that the vulnerability had been exploited in the wild. “At the time of this update, we are aware of a limited number of customers who have been exploited,” according to Ivanti’s advisory.
Ivanti released security updates to patch this flaw in May, alongside several other bugs found in EPM’s core server.
“Exploiting this flaw could have serious consequences, such as data breaches, disruption of business operations, and further compromise of internal systems,” Eric Schwake, director of cybersecurity strategy at Salt Security, wrote in an emailed statement. “Organizations using Ivanti EPM should prioritize patching their systems immediately and conduct thorough security assessments to detect and mitigate potential compromise. This situation emphasizes the critical importance of proactive vulnerability management and timely patching to protect against evolving threats.”
Customers can find information to patch the vulnerability on Ivanti’s website.