Malicious actors are actively exploiting a critical vulnerability in Ivanti Endpoint Manager
Ivanti updated a May 2024 security advisory, warning that an “unrestricted file upload vulnerability” was exploited, affecting multiple customers.
American software company Ivanti has issued a warning regarding the active exploitation of a vulnerability in its Endpoint Manager, which was first revealed in May this year.
“Ivanti has confirmed exploitation of CVE-2024-29824 in the wild,” the update dated October 2 now reads.
“At the time of this update, we are aware of a limited number of customers who have been exploited.”
At the same time, the US Cybersecurity and Critical Infrastructure Agency (CISA) also warned against active exploitation of the bug and recommended that Ivanti customers prioritize remediation to protect themselves against the possibility of cyberattacks. CISA also advised all U.S. federal agencies to follow Mandatory Operational Directive 22-01, which requires them by law to immediately address known issues.
“CISA has added a new vulnerability to its catalog of known exploited vulnerabilities, based on evidence of active exploitation,” CISA said in an October 2 alert.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and present significant risks to the federal enterprise.”
CVE-2024-29848 is an unrestricted file upload vulnerability in Ivanti Avalanche, a component of Endpoint Manager. The vulnerability could allow – and now appears to have allowed – a malicious actor to execute arbitrary system-level commands.
Details of the patch to address the vulnerability have been available since May.
Ivanti endpoint management products are used by several organizations in Australia, including Deakin University, the University of Southern Queensland and law firm Gilbert + Tobin.