CISA warned today that a critical Ivanti vulnerability that can let threat actors gain remote code execution on vulnerable Endpoint Manager (EPM) appliances is now actively exploited in attacks.
Ivanti EPM is an all-in-one endpoint management solution that helps admins manage client devices on various platforms, including Windows, macOS, Chrome OS, and IoT operating systems.
Tracked as CVE-2024-29824, this SQL injection vulnerability in Ivanti EPM’s Core server can be exploited by unauthenticated attackers within the same network to execute arbitrary code on unpatched systems.
Ivanti released security updates to patch this flaw in May, when it also addressed five other remote code execution bugs in EPM’s Core server, all affecting Ivanti EPM 2022 SU5 and prior.
Horizon3.ai security researchers published a CVE-2024-29824 deep dive in June and released a proof-of-concept exploit on GitHub that can be used to “blindly execute commands on vulnerable Ivanti EPM appliances.”
They also advised admins looking for signs of potential exploitation on their appliances to review MS SQL logs for evidence of xp_cmdshell being used to obtain command execution.
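The log review suggested above can be scripted. The following is an added example (not code from the article, Horizon3.ai, or Ivanti) that scans SQL Server log text for the two events a defender would want to see together: the xp_cmdshell option being switched on, and the procedure actually being called. The sample log lines are constructed for the example and only loosely imitate SQL Server error-log output; the real Ivanti EPM log format and the helper names are assumptions.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample lines loosely modelled on SQL Server error-log output.
# They are NOT real Ivanti EPM logs; the format is an assumption for illustration.
SAMPLE_LOG = """\
2024-10-01 09:12:03.41 spid55 Login succeeded for user 'EPMService'. Connection made using SQL Server authentication.
2024-10-01 09:12:07.10 spid55 SELECT DeviceName FROM Devices WHERE DeviceId = 1042
2024-10-01 09:15:22.87 spid61 EXEC sp_configure 'show advanced options', 1; RECONFIGURE;
2024-10-01 09:15:23.02 spid61 Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.
2024-10-01 09:15:25.55 spid61 EXEC master..xp_cmdshell 'whoami'
2024-10-01 09:15:30.13 spid61 exec XP_CMDSHELL 'ipconfig /all'
2024-10-01 09:16:01.00 spid55 UPDATE Devices SET LastSeen = GETDATE() WHERE DeviceId = 1042
"""

# Two things worth flagging: the option being enabled (a precursor) and any invocation.
ENABLE_RE = re.compile(
    r"xp_cmdshell'?\s+changed\s+from\s+0\s+to\s+1|sp_configure\s+'xp_cmdshell'\s*,\s*1",
    re.IGNORECASE,
)
EXEC_RE = re.compile(r"\bxp_cmdshell\b", re.IGNORECASE)
SPID_RE = re.compile(r"\b(spid\d+)\b")


@dataclass
class Finding:
    line_no: int
    spid: str       # SQL Server session id, or "unknown" if the line has none
    category: str   # "enabled" or "invoked"
    text: str


def scan_sql_log(text: str) -> list[Finding]:
    """Return one Finding per log line that enables or invokes xp_cmdshell."""
    findings: list[Finding] = []
    for n, line in enumerate(text.splitlines(), start=1):
        m = SPID_RE.search(line)
        spid = m.group(1) if m else "unknown"
        # Check the "enabled" pattern first: that line also contains the word
        # xp_cmdshell, and we want it classified as a precursor, not a call.
        if ENABLE_RE.search(line):
            findings.append(Finding(n, spid, "enabled", line.strip()))
        elif EXEC_RE.search(line):
            findings.append(Finding(n, spid, "invoked", line.strip()))
    return findings


def sessions_with_command_execution(findings: list[Finding]) -> list[str]:
    """Session ids that actually ran xp_cmdshell; these deserve a closer look."""
    return sorted({f.spid for f in findings if f.category == "invoked"})


if __name__ == "__main__":
    for f in scan_sql_log(SAMPLE_LOG):
        print(f"line {f.line_no:>3} {f.spid:<7} {f.category:<8} {f.text}")
    print("sessions to review:", sessions_with_command_execution(scan_sql_log(SAMPLE_LOG)))
```

A routine application query in the sample (the SELECT and UPDATE on spid55) produces no finding, while the session that enables and then calls xp_cmdshell is reported with its line numbers, which is the kind of evidence the researchers' advice points admins toward. On a real server, the same patterns can be applied to the SQL Server error log or to audit output that captures executed statements; the legitimate EPM service account should not need xp_cmdshell at all, so any hit is worth escalating.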
Today, Ivanti updated the original security advisory to state that it “has confirmed exploitation of CVE-2024-29824 in the wild.”
“At the time of this update, we are aware of a limited number of customers who have been exploited,” the company added.
Federal agencies ordered to patch within three weeks
On Tuesday, CISA followed suit and added the Ivanti EPM RCE flaw to its Known Exploited Vulnerabilities catalog, tagging it as actively exploited.
Federal Civilian Executive Branch (FCEB) agencies now must secure vulnerable appliances within three weeks, by October 23, as required by Binding Operational Directive (BOD) 22-01.
While CISA’s KEV catalog is primarily designed to alert federal agencies to vulnerabilities they should patch as soon as possible, organizations worldwide should also prioritize patching this vulnerability to block ongoing attacks.
Multiple Ivanti vulnerabilities have been exploited as zero-day flaws in widespread attacks in recent months, targeting the company’s VPN appliances and ICS, IPS, and ZTA gateways.
Last month, Ivanti warned that threat actors were chaining two recently fixed Cloud Services Appliance (CSA) vulnerabilities to attack unpatched appliances.
In response, Ivanti announced in September that it is working to improve its responsible disclosure process and testing capabilities to address such security threats more quickly.
Ivanti partners with over 7,000 organizations to deliver system and IT asset management solutions to more than 40,000 companies globally.