
Ivanti Endpoint Manager critical flaw fixed in May is now exploited in attacks

Take action: If you haven't patched your Ivanti EPM since June, it's high time to do it NOW, because hackers are very much enjoying the unpatched version.



A critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager (EPM) is being actively exploited by threat actors, according to warnings from CISA and Ivanti.

The flaw, CVE-2024-29824 (CVSS score 9.6), discovered and fixed in May 2024, allows unauthenticated attackers within the same network to exploit an SQL injection vulnerability to execute arbitrary code on unpatched systems, potentially gaining full control over vulnerable devices.

The affected software is Ivanti EPM 2022 SU5 and earlier versions.

As of 12th of June 2024, security researchers at Horizon3.ai have detailed a proof-of-concept exploit for CVE-2024-29824 that allows a hacker to perform a remote attack on multiple vulnerable devices across an enterprise.

Attackers are exploiting the vulnerability by using the xp_cmdshell SQL command to achieve remote code execution. This allows attackers to execute arbitrary commands remotely, potentially compromising entire systems.
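A defender-side check for the xp_cmdshell activity described above, as an added example that is not from the original article, Ivanti, or CISA: it scans SQL Server ERRORLOG text for the message written when `xp_cmdshell` is switched on through `sp_configure`. It assumes the EPM database runs on Microsoft SQL Server with default error logging; the sample log lines and function names are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample lines in SQL Server ERRORLOG format (not from a real incident).
SAMPLE_ERRORLOG = """\
2024-10-04 09:14:58.12 spid61      Configuration option 'show advanced options' changed from 0 to 1. Run the RECONFIGURE statement to install.
2024-10-04 09:14:58.40 spid61      Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.
2024-10-04 09:20:03.77 spid12s     This instance of SQL Server has been using a process ID of 4312 since 10/1/2024 8:00:11 AM (local).
2024-10-04 11:02:10.05 spid70      Configuration option 'xp_cmdshell' changed from 1 to 0. Run the RECONFIGURE statement to install.
"""

# SQL Server logs this message whenever sp_configure changes an option.
CONFIG_CHANGE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+(?P<spid>\S+)\s+"
    r"Configuration option '(?P<option>[^']+)' changed from (?P<old>\d+) to (?P<new>\d+)\."
)
# 'show advanced options' must be on before xp_cmdshell can be changed.
WATCHED = {"xp_cmdshell", "show advanced options"}

def find_config_changes(log_text):
    """Return parsed sp_configure change events for the watched options."""
    events = []
    for line in log_text.splitlines():
        m = CONFIG_CHANGE.match(line.strip())
        if not m or m["option"].lower() not in WATCHED:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "spid": m["spid"],
            "option": m["option"].lower(),
            "old": int(m["old"]),
            "new": int(m["new"]),
        })
    return events

def xp_cmdshell_enablements(events):
    """Events where xp_cmdshell went from disabled (0) to enabled (1)."""
    return [e for e in events
            if e["option"] == "xp_cmdshell" and e["old"] == 0 and e["new"] == 1]

def last_logged_state(events):
    """Last xp_cmdshell value seen in the log, or None if it never changed."""
    states = [e["new"] for e in events if e["option"] == "xp_cmdshell"]
    return states[-1] if states else None

if __name__ == "__main__":
    for e in xp_cmdshell_enablements(find_config_changes(SAMPLE_ERRORLOG)):
        print(f"ALERT {e['ts']} {e['spid']}: xp_cmdshell enabled")
```

No change message is logged if `xp_cmdshell` was already enabled before the log window, so an empty result should be paired with a check of the option's current value on the database server.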

On October 4, 2024, CISA added CVE-2024-29824 to its Known Exploited Vulnerabilities (KEV) catalog after confirming exploitation in real-world attacks.
