The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of a new vulnerability to its Known Exploited Vulnerabilities Catalog. Cybercriminals have used public exploits in recent attacks targeting Ivanti endpoints.
Ivanti is a U.S.-based IT software company that provides enterprise software solutions for managing IT assets, IT service management, and cybersecurity. Its software helps more than 7,000 organizations manage IT infrastructure, secure devices, and automate workflows.
The newly identified vulnerability, CVE-2024-29824, affects Ivanti Endpoint Manager (EPM) and involves an SQL Injection flaw that malicious actors actively exploit.
“An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM.” Ianvti added.
“Ivanti has confirmed exploitation of CVE-2024-29824 in the wild today. At the time of this update, we are aware of a limited number of customers who have been exploited.”
Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try for Free
Details of the Vulnerability
The CVE-2024-29824 vulnerability in Ivanti EPM represents a serious risk due to its potential for exploitation through SQL Injection attacks. Cybercriminals frequently target such vulnerabilities, as they can allow unauthorized access to sensitive data and potentially enable remote code execution.
Horizon3.ai researchers published a detailed analysis of the CVE-2024-29824 vulnerability with technical insights and mitigation strategies. They also published a detailed Proof-of-Concept on the GitHub repository.
This latest addition to the Known Exploited Vulnerabilities Catalog is part of an ongoing effort under Binding Operational Directive (BOD) 22-01. This directive mandates that Federal Civilian Executive Branch (FCEB) agencies address known vulnerabilities by specified deadlines to safeguard their networks against active threats.
The catalog serves as a dynamic list of Common Vulnerabilities and Exposures (CVEs) that pose significant risks to federal enterprises.
Urgent Call for Action
While BOD 22-01 explicitly targets FCEB agencies, CISA strongly advises all organizations to prioritize the timely remediation of vulnerabilities listed in the catalog. By doing so, organizations can significantly reduce their cyberattack exposure and enhance their overall cybersecurity posture.
As cyber threats continue to evolve, CISA remains committed to updating its catalog with vulnerabilities that meet specific risk and exploitation criteria. Organizations are encouraged to integrate these updates into their regular vulnerability management practices to maintain robust defenses against potential cyber threats.
Free Webinar on How to Protect Small Businesses Against Advanced Cyberthreats -> Free Registration