Vulnerability Management, Threat Intelligence

Intrusions involving critical Ivanti EPM vulnerability underway


BleepingComputer reports that Ivanti has confirmed attacks targeting vulnerable Ivanti Endpoint Manager appliances affected by the critical SQL injection flaw tracked as CVE-2024-29824, months after patches were issued for the bug, which could be leveraged to facilitate arbitrary code execution.

"At the time of this update, we are aware of a limited number of customers who have been exploited," said Ivanti. Such active intrusions have prompted the flaw's inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, with federal agencies urged to remediate unpatched instances by Oct. 23. The development comes weeks after Ivanti committed to strengthen its vulnerability disclosure and testing processes amid the persistent targeting of its products' flaws in attacks. Before launching intrusions leveraging a pair of patched Ivanti Cloud Service Appliance flaws last month, threat actors deployed zero-day attacks aimed at the firm's ICS, ZTA, and IPS gateways, as well as its VPN appliances.
