Ivanti fixes maximum severity RCE bug in Endpoint Management software

September 10, 2024 at 03:37PM

Ivanti has patched a critical vulnerability (CVE-2024-29847) in its Endpoint Management software that could allow unauthenticated attackers to execute code remotely on the core server. The company has also addressed almost two dozen other high and critical severity flaws in its products. Ivanti attributes the rise in fixed flaws to security improvements.

Key takeaways from the article:

1. Ivanti has patched a critical vulnerability (CVE-2024-29847) in its Endpoint Management software (EPM) that could allow unauthenticated attackers to execute code remotely on the core server. This vulnerability has been addressed in Ivanti EPM 2024 hot patches and Ivanti EPM 2022 Service Update 6 (SU6).

2. The company has also fixed almost two dozen additional high and critical severity flaws in Ivanti EPM, Workspace Control (IWC), and Cloud Service Appliance (CSA) that have not been exploited in the wild.

3. Ivanti acknowledges a rise in fixed flaws due to security improvements, including escalating internal scanning, manual exploitation, and testing capabilities. The company is also working on improving its responsible disclosure process.

4. Ivanti has been targeted by in-the-wild exploitation of zero-days, including the targeting of Ivanti VPN appliances with exploits chaining vulnerabilities such as CVE-2024-21887 and CVE-2023-46805, as well as a mass exploitation of a server-side request forgery bug (CVE-2024-21893) in February.

5. Ivanti’s products are widely used, with over 7,000 partners worldwide and over 40,000 companies utilizing its IT management products.

6. The article also referenced related articles highlighting critical vulnerabilities and warnings from other technology companies and organizations, such as Apache, Veeam, D-Link, and CISA.

These takeaways outline the security vulnerabilities addressed by Ivanti, the company’s efforts to improve security measures, and the broader context of cybersecurity threats in the industry.
