FlagThis

CISA has added three critical Ivanti Endpoint Manager (EPM) flaws to its Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation in the wild. The affected vulnerabilities are CVE-2024-13159, CVE-2024-13160, and CVE-2024-13161. These flaws are absolute path traversal vulnerabilities that could allow remote, unauthenticated attackers to fully compromise vulnerable servers, potentially granting unauthorized access to sensitive information. Federal agencies have been given until March 31, 2025, to apply the necessary patches and mitigate these threats.

CISA urges all organizations, including those in the private sector, to prioritize timely remediation of these Ivanti EPM vulnerabilities. Security experts warn that delays in patching can lead to full domain compromise, credential theft, and lateral movement by malicious actors. Given the recent history of Ivanti vulnerabilities, proactive security measures and rapid patching are essential to defend against potential attacks. The large market share of Ivanti products makes them a prime target for malicious actors, emphasizing the importance of immediate patching and continuous hardening of systems.

ImgSrc: files.cyberrisk

References :

• BleepingComputer: CISA tags critical Ivanti EPM flaws as actively exploited in attacks
• : CISA Urges All Organizations to Patch Exploited Critical Ivanti Vulnerabilities
• www.scworld.com: 3 Ivanti flaws added to CISA list of known exploited vulnerabilities
• The DefendOps Diaries: Addressing Critical Vulnerabilities in Ivanti Endpoint Manager

Classification:

• HashTags: #Ivanti #CISA #Vulnerability
• Company: Ivanti
• Target: Ivanti EPM Users
• Product: Endpoint Manager
• Feature: Path Traversal
• Type: Vulnerability
• Severity: Major