CISA Adds High-Severity Ivanti Vulnerability to KEV Catalog

One of the latest vulnerabilities that the Cybersecurity and Infrastructure Security Agency has added to the Known Exploited Vulnerabilities Catalog is CVE-2024-29824, found in the Ivanti Endpoint Manager.

The vulnerability is described as an SQL Injection vulnerability in the core server of Ivanti EPM 2022 SU5 and its prior models. It allows an unauthenticated attacker within the network to execute arbitrary code. 

Because of its high risk, its CVSS score is a critical 9.6.

On Oct. 1, Ivanti updated its security advisory to reflect that the vulnerability had been exploited in the wild.  "At the time of this update, we are aware of a limited number of customers who have been exploited," according to Ivanti's advisory.

Ivanti released security updates to patch this flaw in May, alongside several other bugs found in EPM's core server.

"Exploiting this flaw could have serious consequences, such as data breaches, disruption of business operations, and further compromise of internal systems," Eric Schwake, director of cybersecurity strategy at Salt Security, wrote in an emailed statement. "Organizations using Ivanti EPM should prioritize patching their systems immediately and conduct thorough security assessments to detect and mitigate potential compromise. This situation emphasizes the critical importance of proactive vulnerability management and timely patching to protect against evolving threats."

Customers can find information to patch the vulnerability on Ivanti’s website.