CISA Adds High-Severity Ivanti Vulnerability to KEV Catalog

October 3, 2024 at 05:25PM

The Cybersecurity and Infrastructure Security Agency has added CVE-2024-29824, an SQL Injection vulnerability in Ivanti Endpoint Manager, to its Known Exploited Vulnerabilities Catalog. Rated critical with a CVSS score of 9.6, this flaw has been exploited in the wild; Ivanti released security updates for it in May. Organizations are cautioned to patch systems immediately.

Key takeaways:

– The Cybersecurity and Infrastructure Security Agency has added CVE-2024-29824, an SQL Injection vulnerability in Ivanti Endpoint Manager, to the Known Exploited Vulnerabilities Catalog.
– The vulnerability allows unauthenticated attackers to execute arbitrary code and has a high-risk CVSS score of 9.6.
– Ivanti updated its security advisory on Oct. 1 to confirm that the vulnerability had been exploited in the wild, affecting a limited number of customers.
– Security updates to patch the vulnerability were released by Ivanti in May, along with fixes for other bugs in EPM’s core server.
– Eric Schwake, director of cybersecurity strategy at Salt Security, emphasized the importance of prioritizing patching systems and conducting security assessments to mitigate potential compromise.
– Customers can find information for patching the vulnerability on Ivanti’s website.
