Dive Brief:
- Threat actors are actively exploiting a critical vulnerability in Ivanti Endpoint Manager that was previously disclosed by the company in May.
- The SQL injection vulnerability in the core server of Ivanti EPM 2022 SU5 and prior versions can permit an attacker to execute arbitrary code, according to an advisory from the company updated Wednesday. The vulnerability, listed as CVE-2024-29824, has a CVSS score of 9.6.
- The Cybersecurity and Infrastructure Security Agency on Wednesday added the CVE to its known exploited vulnerabilities catalog. Ivanti updated a previously issued advisory on the CVE and confirmed a limited number of customers have been impacted.
Dive Insight:
Ivanti pledged in April to overhaul its internal security culture after a spree of attacks targeted flaws in Ivanti Connect Secure and other products earlier this year. The attacks led to a compromise at CISA.
The exploitation targeting Ivanti Endpoint Manager marks the latest in a series of security issues Ivanti has had to deal with in recent weeks. Four Ivanti CVEs have been added to the KEV catalog since Sept. 13.
The company urged customers to download a security hot patch that was issued to address the flaw.
In late September, Ivanti warned of a critical path traversal vulnerability in Cloud Service Appliance, which has a CVSS score of 9.4. That vulnerability, listed as CVE-2024-8963, allowed unauthenticated attackers to gain access to restricted functionality.
The vulnerability was discovered while investigating an OS command injection vulnerability, listed as CVE-2024-8190. Threat groups have been chaining together those two vulnerabilities, allowing attackers to bypass admin authentication and execute arbitrary commands.
Ivanti Connect Secure had also been under threat recently in connection with a state-linked botnet taken down in an operation led by the FBI.
A spokesperson for CISA said the agency would not have any additional comment beyond the alert issued on Wednesday. A spokesperson for Ivanti was not immediately available for comment.