CISA alerts about another active exploitation of an Ivanti vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. government has sounded an alarm, alerting that hackers are taking advantage of another loophole in one of Ivanti’s widely utilized enterprise solutions.

The specific vulnerability lies in Ivanti Endpoint Manager (EPM), a software used by companies to manage and safeguard their employees’ devices. This flaw, which allows remote execution of code, was initially exposed by Trend Micro’s Zero Day Initiative in April and was subsequently rectified by Ivanti in May.

This flaw gives an unauthorized attacker the capability to remotely execute harmful code on a server belonging to an Ivanti client.

In its advisory on Wednesday, CISA confirmed that cybercriminals are actively exploiting this vulnerability, tracked as CVE-2024-29824, to breach systems that have not yet been patched, and that the evidence points to ongoing exploitation. The advisory also mandates that all federal civilian agencies update their vulnerable systems by October 23 to prevent further exploitation.

“This kind of vulnerability often serves as a gateway for malicious cyber activities and carries significant risks for the federal enterprise,” observed CISA.

Ivanti, an American IT software company with a clientele of over 40,000 corporations, including a large portion of the Fortune 100, affirmed in a recent update to its May security advisory that this vulnerability has been used to target a “restricted number” of its clients.

Previously, Ivanti had confirmed the exploitation of vulnerabilities in its software by hackers. Earlier in the year, the firm acknowledged that cybercriminals were widely exploiting loopholes in Connect Secure, its VPN solution used by a multitude of businesses and organizations globally. This confirmation came shortly after Ivanti acknowledged the exploitation of two previous zero-day flaws in Connect Secure. Security researchers traced these attacks back to hackers supported by China who used these vulnerabilities to infiltrate customer networks and pilfer information.