Critical Ivanti Vulnerability CVE-2024-29824 Under Attack


The Cybersecurity and Infrastructure Security Agency (CISA) has alerted organizations about active exploitation of a vulnerability in Ivanti Endpoint Manager (EPM). This critical flaw, tracked as CVE-2024-29824, poses a serious threat, allowing attackers to remotely execute malicious code on affected servers without authentication.

Ivanti patched the vulnerability in May. However, it appears that many organizations have yet to apply these essential updates, putting them at risk. CISA’s warning highlights the urgency of addressing this vulnerability, especially as it has been confirmed that hackers are actively exploiting unpatched systems.

Background on the Ivanti Vulnerability CVE-2024-29824 

CISA’s advisory mandates that all federal civilian agencies remediate this vulnerability by October 23, 2024. The flaw in the Ivanti Endpoint Manager is particularly concerning because it enables unauthenticated attackers to gain access to sensitive systems. CISA stated, “These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.” This emphasizes the need for immediate action from organizations relying on Ivanti’s software solutions. 

Ivanti, a prominent IT software company with a client base that includes much of the Fortune 100, has confirmed that this vulnerability is actively being used to target a “limited number” of its customers. The company has not disclosed how many customers may have been compromised, and the confirmed exploitation raises significant concerns about data security and potential data exfiltration.

Past Incidents and Ongoing Concerns 

This isn’t the first time Ivanti has faced scrutiny over vulnerabilities in its products. Earlier in the year, the company acknowledged the widespread exploitation of flaws in its Connect Secure VPN solution, which is used by thousands of corporations globally.

TechCrunch reported that these earlier vulnerabilities were linked to attacks by hackers supported by the Chinese government, who sought to infiltrate customer networks and extract sensitive information.

Given this context, the newly identified Ivanti vulnerability, CVE-2024-29824, presents a worrying continuation of a trend. Organizations are urged to act swiftly to ensure their systems are secure and updated. 

Recommendations and Mitigations

To mitigate the CVE-2024-29824 vulnerability, it is crucial for organizations using Ivanti Endpoint Manager to apply the patch provided by Ivanti. Applying it involves replacing five DLL files on the core server with the updated versions included in the patch.

To complete the process, organizations must restart their core server or run the IISRESET command to ensure the new DLL files are properly loaded. Ivanti has indicated that changes have been made to the patch since its initial release.

Therefore, users are strongly encouraged to consult the updated advisory and follow the necessary steps to mitigate risks associated with this vulnerability. 
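One way to check that the steps above actually took effect, as an added example that does not come from Ivanti's advisory: it compares each DLL shipped in the patch against the copy on the core server by SHA-256 and flags IIS worker processes that started before the files were swapped. Both folder paths and the `ReplacedAt` parameter are placeholders and assumptions; take the real locations from the current advisory.

```powershell
# Added example. Both paths are placeholders, not taken from Ivanti's advisory.
# Run elevated so the start time of IIS worker processes is readable.
param(
    [string]$PatchDir = 'C:\PLACEHOLDER\extracted-patch',   # where the patch DLLs were extracted
    [string]$CoreDir  = 'C:\PLACEHOLDER\core-server-dlls',  # folder the advisory says to copy them into
    [datetime]$ReplacedAt                                   # optional: when you copied the files
)

$patchDlls = @(Get-ChildItem -Path $PatchDir -Filter '*.dll' -File)
if ($patchDlls.Count -ne 5) {
    # The patch is described as replacing five DLLs; anything else means a bad extract.
    Write-Warning "Expected 5 DLLs in the patch folder, found $($patchDlls.Count)."
}

$results = foreach ($dll in $patchDlls) {
    $target = Join-Path $CoreDir $dll.Name
    if (-not (Test-Path -LiteralPath $target)) {
        [pscustomobject]@{ File = $dll.Name; Status = 'MissingOnCore' }
        continue
    }
    $want = (Get-FileHash -LiteralPath $dll.FullName -Algorithm SHA256).Hash
    $have = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
    $status = 'Mismatch'
    if ($want -eq $have) { $status = 'Patched' }
    [pscustomobject]@{ File = $dll.Name; Status = $status }
}
$results | Format-Table -AutoSize

$notPatched = @($results | Where-Object { $_.Status -ne 'Patched' })
if ($notPatched.Count -gt 0) {
    Write-Warning "$($notPatched.Count) file(s) on the core server do not match the patch."
}

# A worker process started before the swap may still have the old DLLs loaded.
if ($PSBoundParameters.ContainsKey('ReplacedAt')) {
    $stale = @(Get-Process -Name w3wp -ErrorAction SilentlyContinue |
        Where-Object { $_.StartTime -lt $ReplacedAt })
    if ($stale.Count -gt 0) {
        Write-Warning "$($stale.Count) IIS worker process(es) predate the DLL swap; restart the core server or run IISRESET."
    } else {
        Write-Output 'No IIS worker process predates the DLL swap.'
    }
}
```

Because Ivanti has revised the patch since its initial release, extract the DLLs from the current download before comparing, or an older patch revision will report as a mismatch.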


