Ivanti is advising administrators to get up to date on their patches following a new spell of exploits against Endpoint Manager (EPM).
The vendor said that threat actors are targeting CVE-2024-29824, a SQL injection attack that allows attackers to upload files and execute commands on vulnerable servers.
“Ivanti has confirmed exploitation of CVE-2024-29824 in the wild,” the vendor said in an Oct. 2 update to its May security advisory.
“At the time of this update, we are aware of a limited number of customers who have been exploited.”
First disclosed in May, CVE-2024-29824 is a SQL injection vulnerability in the Avalanche component of EPM. An attacker who can exploit the flaw would be able to send arbitrary commands to the target server, essentially giving them remote control of the system and the ability to execute code.
In other words: total pwnage.
While the flaw has been known for some time, it is only now being exploited by threat actors in the wild. This is because administrators are less likely to prioritize patches for applications such as Ivanti than more well-known platforms such as Windows or Linux.
In this case, however, updating Ivanti apps would not only be a good idea, but a legal requirement.
CISA has ordered federal agencies to update their Ivanti software. The agency invoked BOD 22-01, a federal directive that requires government agencies to prioritize patching any vulnerability that has been confirmed to be under active exploit in the wild.
The order only applies to government agencies and contractors, but CISA made it very clear that any and all parties using Ivanti EPM should strongly consider updating their software ASAP in order to avoid attacks.
“Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice,” the agency said.
“CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.”
Users can protect themselves from attack by updating Avalanche to version 6.4.3.602 or later.