Critical SQL Injection Vulnerability Affects Ivanti Endpoint Manager
The Cybersecurity and Infrastructure Security Agency (CISA) has added a new entry, CVE-2024-29824, to its Known Exploited Vulnerabilities (KEV) Catalog. The flaw affects Ivanti Endpoint Manager (EPM).
The vulnerability is an SQL injection flaw in the core server of Ivanti EPM 2022 SU5 and earlier versions. It allows an unauthenticated attacker on the same network as the core server to execute arbitrary code, so no credentials are needed to reach it.
The vulnerability carries a CVSS score of 9.6, which places it in the critical range.
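The advisory does not describe the injectable query, and the code below is not Ivanti's. It is an added, generic Python illustration of the flaw class the article names: a lookup that splices attacker-controlled input into SQL text, beside the same lookup with a bound parameter. The device table, its rows and the payload are constructed sample data, and an in-memory SQLite database stands in for the product's database server.

```python
import sqlite3

# Constructed sample data (not from the article): a tiny device-inventory
# table standing in for a management server's backing store.
SAMPLE_ROWS = [
    ("WS-001", "alice", "10.0.0.11"),
    ("WS-002", "bob", "10.0.0.12"),
    ("SRV-001", "svc-backup", "10.0.0.50"),
]

# Attacker-controlled value: closes the string literal the query opened and
# appends a tautology, so the WHERE clause matches every row.
INJECTION_PAYLOAD = "x' OR '1'='1"


def make_db():
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE devices (name TEXT, owner TEXT, ip TEXT)")
    conn.executemany("INSERT INTO devices VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, device_name):
    """Build the query by string concatenation: the classic SQL injection
    pattern. Whatever the caller sends becomes part of the SQL text itself."""
    sql = "SELECT name, owner, ip FROM devices WHERE name = '" + device_name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, device_name):
    """Same lookup with a bound parameter. The driver passes the value
    separately from the statement, so it can never change the query's shape."""
    sql = "SELECT name, owner, ip FROM devices WHERE name = ?"
    return conn.execute(sql, (device_name,)).fetchall()


def demo(payload=INJECTION_PAYLOAD):
    """Run both lookups with a benign name and with the payload.

    Returns a dict of row counts so the effect can be checked programmatically.
    """
    conn = make_db()
    results = {
        "vulnerable_benign": len(lookup_vulnerable(conn, "WS-001")),
        "vulnerable_payload": len(lookup_vulnerable(conn, payload)),
        "parameterized_benign": len(lookup_parameterized(conn, "WS-001")),
        "parameterized_payload": len(lookup_parameterized(conn, payload)),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for label, count in demo().items():
        print(f"{label}: {count} row(s)")
```

With the concatenated query a single crafted value turns an exact-match lookup into "return every row"; the parameterized query treats the identical value as an ordinary string and matches nothing. On database servers that accept stacked statements and expose administrative procedures, the same defect can be pushed from data disclosure to operating-system command execution, which is the general route from SQL injection to arbitrary code execution; the article does not describe the specific path in this product.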
On October 1, Ivanti updated its security advisory to state that the vulnerability is being exploited in the wild. The advisory noted, “At the time of this update, we are aware of a limited number of customers who have been exploited.”
Ivanti had already released security updates in May that address this and several other vulnerabilities in the EPM core server, so a patch was available before exploitation was reported.
Eric Schwake, director of cybersecurity strategy at Salt Security, commented on the risks posed by this flaw: “Exploiting this flaw could have serious consequences, such as data breaches, disruption of business operations, and further compromise of internal systems.” He urged organizations running Ivanti EPM to patch without delay and to review affected systems for signs of compromise, and stressed proactive vulnerability management and timely patching as the baseline defenses against such threats.
Customers seeking to address this vulnerability can find relevant patching information on Ivanti’s website.
Source: www.darkreading.com