Ivanti EPM Exploit Allows Hackers to Take Over Systems via SQL Injection
Critical Ivanti Vulnerability Actively Exploited, CISA Warns
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a critical vulnerability in Ivanti’s Endpoint Manager (EPM) that is now being actively exploited by threat actors. The flaw, tracked as CVE-2024-29824, is an SQL injection vulnerability that leads to remote code execution (RCE): attackers can use it to execute arbitrary commands on unpatched systems.
Ivanti Endpoint Manager Affected by SQL Injection
The vulnerability specifically affects the Core server of Ivanti EPM and can be exploited by unauthenticated attackers within the same network. It impacts Ivanti EPM 2022 SU5 and earlier versions. Ivanti released security updates to fix this flaw in May, along with patches for five other RCE bugs affecting the same component.
Exploitation in the Wild Confirmed
According to Horizon3.ai researchers, who published a detailed analysis and proof-of-concept (PoC) exploit in June, the vulnerability can be used to “blindly execute commands” on vulnerable Ivanti EPM appliances. They advised admins to check MS SQL logs for evidence of xp_cmdshell usage, which could indicate exploitation.
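As an added illustration of the log check recommended above (this is example code written for this page, not code from Horizon3.ai, Ivanti or the original article), the following Python script scans SQL Server ERRORLOG-style lines for two signals: the configuration-change message SQL Server writes when xp_cmdshell is switched on, and any record of an xp_cmdshell call. The log lines are constructed samples; the `AUDIT` line format is an assumption standing in for an exported SQL Server Audit or Extended Events record, because the plain ERRORLOG does not by itself record xp_cmdshell invocations, only the configuration change that enables the procedure.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample log lines (not taken from any real system).
# Lines 1-3 and 5 follow the SQL Server ERRORLOG layout; line 4 is an
# assumed export format for a SQL Server Audit / Extended Events record.
# "EPM_DB" is a placeholder database name.
SAMPLE_LOG = """\
2024-10-02 09:58:01.12 spid51      Starting up database 'EPM_DB'.
2024-10-02 10:15:22.45 spid55      Configuration option 'show advanced options' changed from 0 to 1. Run the RECONFIGURE statement to install.
2024-10-02 10:15:22.47 spid55      Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.
2024-10-02 10:15:23.10 AUDIT login=sa host=10.0.0.23 statement="EXEC master..xp_cmdshell 'hostname'"
2024-10-02 10:20:00.00 spid52      Log was backed up. Database: EPM_DB.
"""


@dataclass(frozen=True)
class Finding:
    timestamp: str
    kind: str    # "xp_cmdshell_enabled", "xp_cmdshell_disabled" or "xp_cmdshell_call"
    detail: str  # the log text that triggered the finding


# ERRORLOG lines start with "YYYY-MM-DD HH:MM:SS.ss" followed by the source (spidNN, Server, ...).
ERRORLOG_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{2}) (?P<rest>.*)$"
)
# Message SQL Server writes when sp_configure toggles xp_cmdshell.
ENABLED_MSG = re.compile(
    r"Configuration option 'xp_cmdshell' changed from (?P<old>\d) to (?P<new>\d)"
)
# Any other mention of the procedure (audit / XE records of an actual call).
CALL_MSG = re.compile(r"xp_cmdshell", re.IGNORECASE)


def scan_log(text: str) -> List[Finding]:
    """Return xp_cmdshell-related findings in log order."""
    findings: List[Finding] = []
    for line in text.splitlines():
        m = ERRORLOG_LINE.match(line)
        if not m:
            continue  # not a timestamped record; skip continuation lines
        ts, rest = m.group("ts"), m.group("rest").strip()
        toggled = ENABLED_MSG.search(rest)
        if toggled:
            kind = "xp_cmdshell_enabled" if toggled.group("new") == "1" else "xp_cmdshell_disabled"
            findings.append(Finding(ts, kind, rest))
            continue
        if CALL_MSG.search(rest):
            findings.append(Finding(ts, "xp_cmdshell_call", rest))
    return findings


def enabled_then_called(findings: List[Finding]) -> bool:
    """True when an enable event is followed by a call: the sequence an
    attacker abusing SQL injection to reach the OS would leave behind."""
    enabled_at: Optional[str] = None
    for f in findings:  # findings are already in log order
        if f.kind == "xp_cmdshell_enabled" and enabled_at is None:
            enabled_at = f.timestamp
        elif f.kind == "xp_cmdshell_call" and enabled_at is not None:
            return True
    return False


if __name__ == "__main__":
    results = scan_log(SAMPLE_LOG)
    for r in results:
        print(f"{r.timestamp}  {r.kind:22}  {r.detail}")
    print("enable-then-call sequence present:", enabled_then_called(results))
```

Feed `scan_log` the contents of the SQL Server ERRORLOG (and any exported audit records) from the EPM Core server's database instance. xp_cmdshell is disabled by default in SQL Server, so an enable message on a server where no administrator has a documented reason to use it is worth investigating on its own; an enable followed shortly by a call is the stronger signal. The script also records disable events, since an attacker may switch the procedure back off afterwards.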
Ivanti updated its advisory today, confirming that CVE-2024-29824 is being actively exploited in the wild, and acknowledged that a limited number of customers have been affected.
CISA Orders Federal Agencies to Patch Within 3 Weeks
CISA has added the Ivanti RCE flaw to its Known Exploited Vulnerabilities (KEV) catalog, alerting federal agencies that they must patch their systems by October 23, 2024. This directive is part of Binding Operational Directive (BOD) 22-01, which requires federal organizations to prioritize patching vulnerabilities that are known to be actively exploited.
While the KEV catalog is targeted at Federal Civilian Executive Branch (FCEB) agencies, CISA urges all organizations worldwide using Ivanti EPM to patch this vulnerability immediately to prevent ongoing attacks.
Ivanti’s Response to Security Threats
This newly confirmed attack is the latest in a string of vulnerabilities affecting Ivanti products in recent months, including zero-day flaws targeting the company’s VPN appliances, ICS, IPS, and ZTA gateways.
In response to the surge in attacks, Ivanti announced in September that it would improve its responsible disclosure process and enhance its testing capabilities to address vulnerabilities more quickly.
Ivanti partners with over 7,000 organizations and provides IT asset management solutions to more than 40,000 companies worldwide, making the need for rapid security updates crucial to its global customers.
Source: bleepingcomputer.com