CISA Adds High-Severity Ivanti Vulnerability to KEV Catalog

October 3, 2024 at 05:25PM The Cybersecurity and Infrastructure Security Agency has added CVE-2024-29824, an SQL Injection vulnerability in Ivanti Endpoint Manager, to its Known Exploited Vulnerabilities Catalog. Rated critical with a CVSS score of 9.6, this flaw was exploited in the wild, prompting Ivanti to release security updates in May. Organizations are cautioned to … Read more

Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch

October 3, 2024 at 02:33AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-29824, allows for remote code execution and is actively targeted by threat actors. Federal agencies are … Read more

Critical Ivanti RCE flaw with public exploit now used in attacks

October 2, 2024 at 02:58PM CISA warned of an actively exploited critical Ivanti vulnerability, allowing remote code execution on vulnerable EPM appliances. Tracked as CVE-2024-29824, the SQL Injection flaw affects unpatched systems. Ivanti released security updates in May but confirmed ongoing exploitation. Federal agencies are required to patch within three weeks. Prioritize patching to block … Read more

PoC Exploit Emerges for Critical RCE Bug in Ivanti Endpoint Manager

June 13, 2024 at 03:40PM Researchers developed a proof-of-concept exploit for an SQL injection bug, CVE-2024-29824, in Ivanti Endpoint Manager. The bug allows unauthenticated attackers to execute code remotely, posing a significant threat. Ivanti responded promptly, releasing a patch within six weeks. Organizations are advised to implement the patch and restrict access to the management … Read more