info@thehackernews.com (The Hacker News)
2024-10-03 02:06:00
thehackernews.com
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting Endpoint Manager (EPM) that the company patched in May to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability, tracked as CVE-2024-29824, carries a CVSS score of 9.6 out of a maximum of 10.0, indicating critical severity.
“An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code,” the software service provider said in an advisory released on May 21, 2024.
Horizon3.ai, which released a proof-of-concept (PoC) exploit for the flaw in June, said the issue is rooted in a function called RecordGoodApp() within a DLL named PatchBiz.dll.
Specifically, it concerns how the function handles an SQL query statement, thereby allowing an attacker to gain remote code execution via xp_cmdshell.
The exact specifics of how the shortcoming is being exploited in the wild remains unclear, but Ivanti has since updated the bulletin to state that it has “confirmed exploitation of CVE-2024-29824” and that a “limited number of customers” have been targeted.
With the latest development, as many as four different flaws in Ivanti appliances have come under active abuse within just a month’s span, showing that they are a lucrative attack vector for threat actors –
- CVE-2024-8190 (CVSS score: 7.2) – An operating system command injection vulnerability in Cloud Service Appliance (CSA)
- CVE-2024-8963 (CVSS score: 9.4) – A path traversal vulnerability in CSA
- CVE-2024-7593 (CVSS score: 9.8) – An authentication bypass vulnerability Virtual Traffic Manager (vTM)
Federal agencies are mandated to update their instances to the latest version by October 23, 2024, to safeguard their networks against active threats.
Support Techcratic
If you find value in Techcratic’s insights and articles, consider supporting us with Bitcoin. Your support helps me, as a solo operator, continue delivering high-quality content while managing all the technical aspects, from server maintenance to blog writing, future updates, and improvements. Support Innovation! Thank you.
Bitcoin Address:
bc1qlszw7elx2qahjwvaryh0tkgg8y68enw30gpvge
Please verify this address before sending funds.
Bitcoin QR Code
Simply scan the QR code below to support Techcratic.
Please read the Privacy and Security Disclaimer on how Techcratic handles your support.
Disclaimer: As an Amazon Associate, Techcratic may earn from qualifying purchases.