The US Cybersecurity and Infrastructure Security Agency (CISA) has added a known Ivanti bug to its Known Exploited Vulnerabilities (KEV) catalog, signalling that it’s being actively abused in the wild.
The bug that was just added is an SQL Injection vulnerability, found this spring in the Core server of Ivanti Endpoint Manager (EPM) 2022 SU5 and prior. It grants an unauthenticated attacker within the same network the ability to run arbitrary code. It is tracked as CVE-2024-29824, and has a severity score of 9.6 (critical).
Federal agencies now have three weeks to apply the patch, or stop using the product altogether – and organizations in the private sector should take note, too.
Renewed commitment to security
Ivanti Endpoint Manager (EPM) is a software solution designed for IT asset management, offering tools to manage, secure, and troubleshoot endpoints like desktops, laptops, and mobile devices across an organization. It helps automate patching, software distribution, and inventory control, and supports Windows, macOS, Chrome OS, and different IoT operating systems.
The company says it patched the vulnerability in May 2024, together with five other RCE flaws. It, too, recently confirmed observing attacks in the wild: “At the time of this update, we are aware of a limited number of customers who have been exploited,” the company concluded.
Ivanti is a major technology provider in the B2B sector, with over 40,000 customers globally, and clients spanning various industries, including government, healthcare, education, financial services, and more. These organizations use Ivanti’s solutions for IT management, security, and asset management, and as such, they are a major target for cybercriminals.
In recent years, Ivanti has been at the center of much controversy, since many of its products were found to be severely flawed. In response, Ivanti CEO Jeff Abbott issued an open letter to customers and partners in April 2024, promising a renewed commitment to security.
Via BleepingComputer
Healthcare organizations are having to pay millions to solve ransomware attacksHere’s a list of the best firewalls todayThese are the best endpoint protection tools right now