Hackers Now Exploit Ivanti Endpoint Manager Vulnerability to Launch Cyber Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of a new vulnerability to its Known Exploited Vulnerabilities Catalog.

This vulnerability, CVE-2024-29824, affects Ivanti Endpoint Manager (EPM) and has become a target for cybercriminals using public exploits in recent attacks on Ivanti endpoints.

CVE-2024-29824: A Critical Threat

Ivanti, a U.S.-based IT software company renowned for its enterprise solutions in IT asset management, service management, and cybersecurity, is central to this issue.

The newly identified vulnerability involves an SQL Injection flaw that malicious actors actively exploit.

This flaw presents a serious risk as it can allow unauthorized access to sensitive data and potentially enable remote code execution.

Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try for Free

The vulnerability was highlighted by Horizon3.ai researchers who published a comprehensive analysis along with technical insights and mitigation strategies.

They also released a detailed Proof-of-Concept on GitHub, further emphasizing the critical nature of this threat. 

Adding to the concern, Ivanti confirmed the exploitation of CVE-2024-29824 in the wild. “At the time of this update, we are aware of a limited number of customers who have been exploited,” Ivanti stated.

The vulnerability allows an authenticated, privileged user to execute arbitrary commands as SYSTEM due to an unrestricted file upload flaw in the web component of Ivanti Avalanche versions before 6.4.x.

Urgent Call for Action

This latest inclusion in the Known Exploited Vulnerabilities Catalog is part of an ongoing effort under the Binding Operational Directive (BOD) 22-01.

This directive mandates that Federal Civilian Executive Branch (FCEB) agencies address known vulnerabilities by specified deadlines to protect their networks from active threats. 

While BOD 22-01 specifically targets FCEB agencies, CISA strongly advises all organizations to prioritize timely remediation of vulnerabilities listed in the catalog.

By addressing these vulnerabilities promptly, organizations can significantly reduce their exposure to cyberattacks and enhance their overall cybersecurity posture. 

As cyber threats continue to evolve, CISA remains committed to updating its catalog with vulnerabilities that meet specific risk and exploitation criteria.

Organizations are encouraged to integrate these updates into their regular vulnerability management practices to maintain robust defenses against potential cyber threats. 

The exploitation of CVE-2024-29824 underscores the urgent need for organizations to remain vigilant and proactive in their cybersecurity efforts.

With hackers increasingly targeting vulnerable endpoints, swift action is essential to safeguard sensitive data and maintain operational integrity.

Free Webinar on How to Protect Small Businesses Against Advanced Cyberthreats -> Free Registration