October 3, 2024 at 02:33AM
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-29824, allows for remote code execution and is actively targeted by threat actors. Federal agencies are urged to update by Oct 23, 2024.
Key takeaways:
– The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw impacting Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
– The vulnerability, tracked as CVE-2024-29824, is rated as critical with a CVSS score of 9.6 out of 10.
– The vulnerability, an unspecified SQL injection flaw in Ivanti EPM, allows unauthenticated attackers within the same network to execute arbitrary code. The issue is rooted in a function called RecordGoodApp() within a DLL named PatchBiz.dll.
– Evidence of active exploitation of CVE-2024-29824 has been confirmed by Ivanti, with a “limited number of customers” being targeted.
– Three other flaws in Ivanti appliances have come under active abuse within a month’s span: CVE-2024-8190, CVE-2024-8963, and CVE-2024-7593.
– Federal agencies are required to update their instances to the latest version by October 23, 2024, to protect their networks against these active threats.