2024-10-03
Ivanti: Known Endpoint Manager Vulnerability is Being Actively Exploited
Earlier this week, Ivanti updated a May advisory to note that one of the vulnerabilities it addresses (CVE-2024-29824) is being actively exploited. CVE-2024-29824 is a critical SQL-injection vulnerability affecting Ivanti Endpoint Manager. The US Cybersecurity and Infrastructure Security Agency (CISA) has added the flaw to its Known Exploited Vulnerabilities (KEV) catalog; Federal Civilian Executive Branch (FCEB) agencies are expected to address the issue by October 23.
Editor's Note
Of course it is exploited. Ivanti vulnerabilities have become common enough that attackers have playbooks as to how to effectively exploit them. If attackers have playbooks to exploit a product, you had better have a playbook to keep it up to date and to deal with the resulting incidents if you are not up to date.
Johannes Ullrich
One's strategy shouldn't be to manage updates depending on whether the vulnerability is being actively exploited. It should be based on the criticality of the vulnerability (Arbitrary Code Execution). The hot patch should have been applied back in May. For those that haven't yet patched, now you may be in a race with a determined adversary - don't lose.
Curtis Dukes
CVE-2024-29824, a SQL injection vulnerability, has a CVSS score of 9.6 and is due to improper input sanitization of special elements in a SQL command. The flaw affects Ivanti Endpoint Manager (EPM) up to 2022 SU5. Address the issue by updating your Ivanti EPM to the latest version.
Lee Neely
Read more in
Ivanti: Security Advisory May 2024 (Updated October 2, 2024)
Help Net Security: Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824)
Security Week: Ivanti EPM Vulnerability Exploited in the Wild
The Hacker News: Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch