CISA Warns Active Exploitation of Zimbra & Ivanti Endpoint Manager Vulnerability


The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation of critical vulnerabilities in Synacor’s Zimbra Collaboration and Ivanti’s Endpoint Manager (EPM).

Organizations using these products are urged to mitigate potential risks immediately. 

EHA

CVE-2024-45519: Synacor Zimbra Collaboration Command Execution Vulnerability

A newly identified vulnerability, CVE-2024-45519, has been discovered in the Synacor Zimbra Collaboration platform.

This flaw resides in the postjournal service and may allow unauthenticated users to execute commands remotely.

While it is currently unknown if this vulnerability has been exploited in ransomware campaigns, the potential for abuse is significant.

Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try for Free

Organizations using Zimbra Collaboration are advised to apply the recommended mitigations provided by Synacor.

If such mitigations are unavailable, discontinuing use of the product is strongly recommended. CISA has set a due date for remediation by October 24, 2024, emphasizing the urgency of addressing this issue.

CVE-2024-29824: Ivanti Endpoint Manager SQL Injection Vulnerability

The Ivanti Endpoint Manager (EPM) is also threatened due to a SQL injection vulnerability identified as CVE-2024-29824.

This flaw allows an unauthenticated attacker within the same network to execute arbitrary code on the Core server. As with the Zimbra vulnerability, there is no current evidence of its use in ransomware attacks, but the risk remains high.

Ivanti has issued guidance for mitigating this vulnerability, and organizations are advised to follow these instructions promptly. The deadline for implementing these measures is October 23, 2024.

CISA’s alert highlights the critical nature of these vulnerabilities and the potential impact on organizations worldwide.

Synacor and Ivanti have provided mitigation strategies, underscoring the importance of swift action to protect sensitive data and maintain operational integrity.

Free Webinar on How to Protect Small Businesses Against Advanced Cyberthreats -> Free Registration



Source link