A critical SQL Injection vulnerability [1] [4] [7] [9] [11] [12], known as CVE-2024-29824 [2] [3] [6] [9] [13], has been discovered in Ivanti Endpoint Manager (EPM) 2022 SU5 and earlier versions [3], enabling remote code execution on affected servers without authentication.
Description
The severity score of this vulnerability is 9.6, as reported by the Cybersecurity and Infrastructure Security Agency (CISA) [7] [11]. Ivanti released security patches in May to address multiple critical vulnerabilities in EPM [8], including CVE-2024-29824 [4] [8], which has been actively exploited by hackers. A proof-of-concept exploit for this vulnerability has been made available on GitHub. Ivanti has confirmed that the vulnerability has been exploited in the wild [12], prompting customers to patch their systems immediately to prevent data breaches and business disruptions [12].
Federal agencies are required to address this vulnerability by October 23, 2024 [8] [11], in response to the threat. While Ivanti has reported a limited number of targeted customers, the extent of compromises and data exfiltration remains undisclosed [2]. This vulnerability is one of several vulnerabilities in Ivanti appliances that have been actively abused within a short timeframe. Security updates were released in May to address this flaw, highlighting the importance of proactive vulnerability management and timely patching [12]. Federal agencies must update their instances to the latest version by the specified date [9], in accordance with Binding Operational Directive (BOD) 22-01 [1] [6]. CISA strongly advises all organizations to prioritize prompt remediation of vulnerabilities listed in its Known Exploited Vulnerabilities Catalog to mitigate the risk of cyberattacks.
Threat actors are actively exploiting the vulnerability [2] [7] [9], listed as CVE-2024-29824 [2] [3] [6] [7] [9] [10] [13], with a CVSS score of 9.6 [7] [8] [12] [13]. Ivanti has issued a security hot patch to address the flaw and confirmed a limited number of impacted customers [7]. This exploitation is the latest in a series of security issues Ivanti has faced recently [7], including other CVEs such as CVE-2024-8963 and CVE-2024-8190 [7].
Ivanti has been targeted in previous attacks [7], leading to compromises at CISA and prompting the company to overhaul its internal security culture [7]. Horizon3.ai researchers have published a detailed analysis of the vulnerability [5], along with technical insights and mitigation strategies [5], including a proof-of-concept on GitHub [5]. Organizations are urged to apply the patch immediately to mitigate the risk of exploitation [13].
Conclusion
The exploitation of this vulnerability underscores the importance of timely patching and proactive vulnerability management. Organizations must prioritize remediation efforts to mitigate the risk of cyberattacks. The impacts of this vulnerability, along with the potential for data breaches and business disruptions, highlight the critical need for swift action to address security flaws. Future implications include the need for enhanced security measures and ongoing vigilance to protect against evolving threats.
References
[1] https://www.cisa.gov/news-events/alerts/2024/10/02/cisa-adds-one-known-exploited-vulnerability-catalog
[2] https://techcrunch.com/2024/10/03/cisa-issues-warning-about-another-ivanti-flaw-under-active-attack/
[3] https://www.techradar.com/pro/security/us-government-flags-major-ivanti-security-flaw-so-patch-now
[4] https://www.csoonline.com/article/3544953/critical-ivanti-flaw-finds-in-the-wild-rce-despite-available-patches.html
[5] https://cybersecuritynews.com/ivanti-endpoint-manager-vulnerability-public-exploit-is-now-used-in-cyber-attacks/
[6] https://www.blackhatethicalhacking.com/news/ivanti-epm-exploit-allows-hackers-to-take-over-systems-via-sql-injection/
[7] https://www.cybersecuritydive.com/news/ivanti-endpoint-manager-hackers-attack/728814/
[8] https://securityaffairs.com/169279/security/u-s-cisa-adds-ivanti-epm-flaw-known-exploited-vulnerabilities-catalog.html
[9] https://thehackernews.com/2024/10/ivanti-endpoint-manager-flaw-actively.html
[10] https://www.crn.com/news/security/2024/ivanti-endpoint-manager-critical-flaw-has-seen-exploitation
[11] https://www.helpnetsecurity.com/2024/10/03/cve-2024-29824/
[12] https://www.darkreading.com/threat-intelligence/cisa-high-severity-ivanti-vulnerability-kev-catalog
[13] https://securityonline.info/cve-2024-29824-critical-vulnerability-in-ivanti-endpoint-manager-actively-exploited-poc-published/