
CISA warns of another Ivanti flaw that is under active attack

Hackers are exploiting another vulnerability in one of Ivanti’s widely used enterprise products, the U.S. government’s cybersecurity agency CISA warned in a new alert this week.

The remote code execution flaw in Ivanti Endpoint Manager (EPM), a tool that helps companies manage and secure their employee device fleets, was first discovered by Trend Micro’s Zero Day Initiative in April and fixed by Ivanti the following month.

The flaw, a SQL injection in the EPM core server, allows an unauthenticated attacker with network access to the server to remotely execute malicious code on an affected Ivanti customer’s system.

Now CISA says hackers are actively exploiting this vulnerability, tracked as CVE-2024-29824, to break into unpatched systems. Wednesday’s advisory cites evidence of active exploitation and requires all federal civilian agencies to patch vulnerable systems by October 23.

“These types of vulnerabilities are common attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA said.

Ivanti, the US-based IT software company with over 40,000 enterprise customers, including many of the Fortune 100 companies, confirmed this week in an update to its May security alert that the vulnerability had been actively used to compromise a “limited number” of its customers.

Ivanti has not said how many of its customers were compromised, and an Ivanti spokesperson had no comment when contacted by TechCrunch. The company has not yet said whether it was aware that customer data was stolen as a result of the compromises.

Ivanti is no stranger to hackers exploiting vulnerabilities in its software. Earlier this year, the company confirmed that hackers were mass exploiting vulnerabilities in Connect Secure, its remote access VPN solution used by thousands of businesses and large organizations worldwide.

This disclosure came just weeks after Ivanti confirmed the exploitation of two previous zero-day vulnerabilities in Connect Secure. Security researchers linked the attacks to Chinese-backed hackers who used the vulnerabilities to break into customer networks and steal information.
