

Ethical Hacking News

Ivanti Endpoint Manager Flaw: A Critical Security Breach Exposed


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding the active exploitation of a security flaw in Ivanti Endpoint Manager (EPM). The identified vulnerability, tracked as CVE-2024-29824, carries an elevated CVSS score of 9.6 out of a maximum of 10.0, underscoring its critical severity.

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory about a security flaw in Ivanti Endpoint Manager (EPM).
  • A vulnerability, tracked as CVE-2024-29824, allows an unauthenticated attacker to execute arbitrary code.
  • Organizations relying on EPM need to patch the issue and ensure timely vulnerability management.
  • CISA has confirmed exploitation of the vulnerability and urges federal agencies to update their instances by October 23, 2024.
  • The incident highlights the importance of proactive cybersecurity measures and ongoing monitoring and patching schedules.



    A recent advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) reveals that threat actors have been actively targeting a security flaw in Ivanti Endpoint Manager (EPM), highlighting the importance of timely patching and vulnerability management for organizations relying on this endpoint solution.

    Ivanti EPM 2022 SU5 and prior versions are susceptible to an unspecified SQL injection vulnerability in the Core server. This vulnerability allows an unauthenticated attacker within the same network to execute arbitrary code. A detailed analysis revealed that the issue is rooted in how a function called RecordGoodApp(), within a DLL named PatchBiz.dll, handles an SQL query statement, which enables an attacker to gain remote code execution via xp_cmdshell.
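
Because the article says the injection ends in code execution via xp_cmdshell, one defender-side check is to look in the ERRORLOG of the SQL Server instance behind the Core server for xp_cmdshell being switched on. This is an added example, not code from the article, Ivanti, CISA or Horizon3.ai; the log lines are constructed samples, and the function name and five-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta

# SQL Server writes this message to its ERRORLOG whenever sp_configure changes an option.
CONFIG_CHANGE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+(?P<spid>spid\d+s?)\s+"
    r"Configuration option '(?P<option>[^']+)' changed from (?P<old>\d+) to (?P<new>\d+)\."
)
WATCHED = {"xp_cmdshell", "show advanced options"}

def find_xp_cmdshell_enablement(lines, window=timedelta(minutes=5)):
    """Return one finding per event where xp_cmdshell is switched from 0 to 1."""
    advanced = {}   # spid -> time 'show advanced options' was last turned on
    findings = []
    for line in lines:
        m = CONFIG_CHANGE.match(line.strip())
        if not m or m["option"] not in WATCHED:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        enabled = m["old"] == "0" and m["new"] == "1"
        if m["option"] == "show advanced options":
            if enabled:
                advanced[m["spid"]] = ts
            continue
        if enabled:
            prior = advanced.get(m["spid"])
            findings.append({
                "time": ts,
                "spid": m["spid"],
                # Same session flipped 'show advanced options' just before: the usual
                # two-step sequence needed to turn xp_cmdshell on from a query.
                "preceded_by_advanced_options": prior is not None and ts - prior <= window,
            })
    return findings

# Constructed sample ERRORLOG lines (not taken from a real incident).
SAMPLE_LOG = """\
2024-10-02 09:14:02.31 spid12s     Starting up database 'msdb'.
2024-10-02 14:03:11.45 spid55      Configuration option 'show advanced options' changed from 0 to 1. Run the RECONFIGURE statement to install.
2024-10-02 14:03:11.52 spid55      Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.
2024-10-02 16:40:00.10 spid61      Configuration option 'xp_cmdshell' changed from 1 to 0. Run the RECONFIGURE statement to install.
2024-10-03 01:22:47.90 spid70      Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.
""".splitlines()

if __name__ == "__main__":
    for f in find_xp_cmdshell_enablement(SAMPLE_LOG):
        print(f["time"], f["spid"], "advanced-options-first:", f["preceded_by_advanced_options"])
```

A hit is a lead for triage rather than proof of compromise, since administrators also change this option; an instance where xp_cmdshell was already enabled logs no change at all.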

    According to Horizon3.ai, which released a proof-of-concept (PoC) exploit for the flaw in June, the vulnerability is being actively exploited. While the exact specifics of how the shortcoming is being exploited in the wild remain unclear, Ivanti has since updated its bulletin to state that it has confirmed exploitation of CVE-2024-29824 and that a limited number of customers have been targeted.

    The emergence of this critical security breach underscores the ever-present threat landscape for organizations utilizing endpoint solutions. This incident also highlights the importance of proactive vulnerability management and timely patching, as emphasized by CISA in its advisory. With federal agencies mandated to update their instances to the latest version by October 23, 2024, to safeguard their networks against active threats, this serves as a stark reminder of the imperative need for robust cybersecurity measures.

    The scenario underscores that even seemingly secure endpoint solutions can be vulnerable to security breaches. As the threat landscape continues to evolve and expand, staying vigilant in terms of vulnerability management is crucial for organizations seeking to protect themselves from such risks. This incident also highlights the value of ongoing monitoring and patching schedules, ensuring that all vulnerabilities are addressed promptly.

    It is imperative for organizations to assess their current endpoint security posture and ensure they have implemented necessary patches to mitigate this identified vulnerability. By taking proactive measures in terms of cybersecurity management, organizations can significantly reduce the risk of such breaches occurring.



    Related Information:

  • https://thehackernews.com/2024/10/ivanti-endpoint-manager-flaw-actively.html

  • https://securityaffairs.com/169279/security/u-s-cisa-adds-ivanti-epm-flaw-known-exploited-vulnerabilities-catalog.html

  • https://nvd.nist.gov/vuln/detail/CVE-2024-29824

  • https://www.cvedetails.com/cve/CVE-2024-29824/


  • Published: Thu Oct 3 03:46:48 2024 by llama3.2 3B Q4_K_M













         

