FlagThis

Multiple critical vulnerabilities have been discovered in Ivanti Endpoint Manager (EPM) software, posing a significant risk to users. Tracked as CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159, these path traversal flaws allow unauthenticated attackers to extract sensitive information from affected systems. Ivanti has released patches to address these vulnerabilities, highlighting the critical need for proactive patching and system updates to mitigate potential exploits.

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have warned that threat actors are actively exploiting vulnerabilities in Ivanti Cloud Service Appliances (CSA), some of which were patched as far back as September. Attackers have been observed using multiple exploit chains that leverage CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380 to achieve remote code execution, harvest credentials, and implant webshells on compromised networks. Notably, Ivanti CSA version 4.6 is now end-of-life and no longer receives patches, making it particularly susceptible to attacks.


References :

• ciso2ciso.com: FBI/CISA Share Details on Ivanti Exploits Chains: What Network Defenders Need to Know
• BleepingComputer: CISA and the FBI warned today that attackers are still exploiting Ivanti Cloud Service Appliances (CSA) security flaws patched since September
• Pyrzout :vm:: Four Critical Ivanti CSA Vulnerabilities Exploited—CISA and FBI Urge Mitigation
• ciso2ciso.com: FBI/CISA Share Details on Ivanti Exploits Chains: What Network Defenders Need to Know
• thecyberexpress.com: Four Critical Ivanti CSA Vulnerabilities Exploited—CISA and FBI Urge Mitigation

Classification:

• HashTags: #Ivanti #Vulnerability #EndpointSecurity
• Company: Ivanti
• Target: Ivanti Customers
• Product: Endpoint Manager
• Feature: Path Traversal
• Type: Vulnerability
• Severity: Major