CISA Issues Urgent Warning Over Active Exploitation of Ivanti Vulnerability



By Carly Page

October 3, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alarming warning regarding a newly discovered vulnerability in Ivanti's popular enterprise software, Ivanti Endpoint Manager (EPM). This flaw is currently being exploited by hackers, putting numerous organizations at risk.

The vulnerability, identified as CVE-2024-29824, allows unauthenticated attackers to execute malicious code remotely on unpatched Ivanti servers. The flaw was initially uncovered by Trend Micro’s Zero Day Initiative in April, and Ivanti released a patch the following month. However, recent reports suggest that hackers are actively targeting systems that have not yet applied this critical update.

CISA's advisory, released earlier this week, states that federal civilian agencies must address this vulnerability by October 23 to mitigate the risk of exploitation. "These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA noted.

In response to this urgent alert, Ivanti acknowledged in an update to its May security advisory that the vulnerability has been used to target a "limited number" of its customers. However, the company has not disclosed the exact number of affected clients or whether any customer data was compromised during these attacks.

This isn’t the first time Ivanti has faced scrutiny for security vulnerabilities. Earlier this year, the company confirmed that hackers were exploiting flaws in Connect Secure, its remote access VPN solution, which is widely used by corporations and large organizations. Security researchers linked these attacks to state-sponsored hackers, primarily from China, who leveraged these vulnerabilities to infiltrate customer networks and extract sensitive information.

As the cyber threat landscape continues to evolve, organizations are urged to remain vigilant and ensure their systems are up to date with the latest security patches.