Security experts analyze recent vulnerability included in CISA’s catalog

CISA Warns of Exploited Ivanti Endpoint Manager SQL Injection Vulnerability

The Cybersecurity & Infrastructure Security Agency (CISA) has issued a warning regarding a critical vulnerability in Ivanti Endpoint Manager (EPM) that is being actively exploited. This SQL injection vulnerability, identified as CVE-2024-29824, allows unauthenticated attackers to execute arbitrary code on unpatched systems, potentially granting them extensive control over affected devices and access to sensitive data.

Security experts are urging organizations to patch their systems immediately and conduct thorough security assessments to determine whether they have already been compromised. Eric Schwake, Director of Cybersecurity Strategy at Salt Security, emphasized the importance of proactive vulnerability management and timely patching to protect against evolving threats and maintain a strong security posture.

Jason Soroko, Senior Fellow at Sectigo, highlighted the risk posed by the CVE-2024-29824 vulnerability in enterprise environments, noting that failure to patch could leave systems vulnerable to arbitrary command execution and network-wide compromise. Mr. Mayuresh Dani, Manager of Security Research at Qualys Threat Research Unit, warned about the dangers of this unauthenticated SQL injection vulnerability and the potential for attackers to execute arbitrary Windows commands, leading to the installation of malware and complete system compromise.

Organizations using Ivanti EPM are advised to prioritize patching their systems immediately and disable risky features to prevent exploitation. The ongoing exploitation of this vulnerability underscores the critical need for robust cybersecurity measures to protect against malicious threats in today’s interconnected world.
