October 2, 2024 at 02:58PM
CISA warned of an actively exploited critical Ivanti vulnerability, allowing remote code execution on vulnerable EPM appliances. Tracked as CVE-2024-29824, the SQL Injection flaw affects unpatched systems. Ivanti released security updates in May but confirmed ongoing exploitation. Federal agencies are required to patch within three weeks. Prioritize patching to block attacks.
The key points from the meeting notes are:
– CISA warned about a critical Ivanti vulnerability (CVE-2024-29824) that allows threat actors to gain remote code execution on vulnerable Endpoint Manager (EPM) appliances. This vulnerability is actively exploited in attacks.
– The vulnerability is a SQL injection vulnerability in Ivanti EPM’s Core server that unauthenticated attackers within the same network can exploit to execute arbitrary code on unpatched systems. Ivanti released security updates in May to patch this security flaw and other remote code execution bugs.
– It was noted that Horizon3.ai security researchers published a deep dive into the CVE-2024-29824 vulnerability and released a proof-of-concept exploit on GitHub. They also advised admins to review MS SQL logs for evidence of potential exploitation.
– Ivanti updated the original security advisory to confirm exploitation of CVE-2024-29824 in the wild, and a limited number of customers have been exploited.
– Federal Civilian Executive Branch (FCEB) agencies have been ordered to secure vulnerable appliances within three weeks by October 23 as required by Binding Operational Directive (BOD) 22-01.
– It was mentioned that multiple Ivanti vulnerabilities have been exploited as zero-day flaws in widespread attacks in recent months, targeting the company’s VPN appliances and ICS, IPS, and ZTA gateways. Additionally, there have been warnings about threat actors chaining recently fixed Cloud Services Appliance (CSA) vulnerabilities to attack unpatched appliances.
– Ivanti announced in September that it’s working to improve its responsible disclosure process and testing capabilities to address security threats more quickly.
– Lastly, it was noted that Ivanti partners with over 7,000 organizations to deliver system and IT asset management solutions to more than 40,000 companies globally.