BleepingComputer reports that vulnerable Ivanti Endpoint Manager appliances impacted by the critical SQL injection flaw tracked as CVE-2024-29824 were confirmed by Ivanti to have been targeted in attacks months after patches were issued for the bug, which could be leveraged to facilitate arbitrary code execution.
"At the time of this update, we are aware of a limited number of customers who have been exploited," said Ivanti. Such active intrusions have prompted the flaw's inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, with federal agencies urged to remediate unpatched instances by Oct. 23. The development comes weeks after Ivanti committed to strengthening its vulnerability disclosure and testing processes amid the persistent targeting of its products' flaws in attacks. Before launching intrusions leveraging a pair of patched Ivanti Cloud Service Appliance flaws last month, threat actors deployed zero-day attacks aimed at the firm's ICS, ZTA, and IPS gateways, as well as its VPN appliances.