CISA Adds High-Severity Ivanti Vulnerability to KEV Catalog

Ivanti reports that the bug is being actively exploited in the wild for select customers.

Dark Reading Staff, Dark Reading

October 3, 2024


One of the latest vulnerabilities that the Cybersecurity and Infrastructure Security Agency has added to the Known Exploited Vulnerabilities Catalog is CVE-2024-29824, found in the Ivanti Endpoint Manager.

The vulnerability is described as a SQL injection flaw in the core server of Ivanti EPM 2022 SU5 and prior versions. It allows an unauthenticated attacker within the network to execute arbitrary code.

Because of its high risk, its CVSS score is a critical 9.6.

On Oct. 1, Ivanti updated its security advisory to reflect that the vulnerability had been exploited in the wild. "At the time of this update, we are aware of a limited number of customers who have been exploited," according to Ivanti's advisory.

Ivanti released security updates to patch this flaw in May, alongside several other bugs found in EPM's core server.

"Exploiting this flaw could have serious consequences, such as data breaches, disruption of business operations, and further compromise of internal systems," Eric Schwake, director of cybersecurity strategy at Salt Security, wrote in an emailed statement. "Organizations using Ivanti EPM should prioritize patching their systems immediately and conduct thorough security assessments to detect and mitigate potential compromise. This situation emphasizes the critical importance of proactive vulnerability management and timely patching to protect against evolving threats."

Customers can find information to patch the vulnerability on Ivanti’s website.
