CISA Adds High-Severity Ivanti Vulnerability to KEV Catalog

Published: 23/11/2024   Category: security




Ivanti reports that the bug is being actively exploited in the wild for select customers.



One of the latest vulnerabilities that the Cybersecurity and Infrastructure Security Agency has added to the Known Exploited Vulnerabilities Catalog is CVE-2024-29824, found in the Ivanti Endpoint Manager.
The vulnerability is described as a SQL injection vulnerability in the core server of Ivanti EPM 2022 SU5 and prior versions. It allows an unauthenticated attacker within the network to execute arbitrary code.
Because of its high risk, its CVSS score is a critical 9.6.
On Oct. 1, Ivanti updated its security advisory to reflect that the vulnerability had been exploited in the wild. "At the time of this update, we are aware of a limited number of customers who have been exploited," according to Ivanti's advisory.
Ivanti released security updates to patch this flaw in May, alongside several other bugs found in EPM's core server.
"Exploiting this flaw could have serious consequences, such as data breaches, disruption of business operations, and further compromise of internal systems," Eric Schwake, director of cybersecurity strategy at Salt Security, wrote in an emailed statement. "Organizations using Ivanti EPM should prioritize patching their systems immediately and conduct thorough security assessments to detect and mitigate potential compromise. This situation emphasizes the critical importance of proactive vulnerability management and timely patching to protect against evolving threats."
Customers can find information to patch the vulnerability on Ivanti’s website.
