Multiple critical vulnerabilities have been discovered in Ivanti Endpoint Manager (EPM) software, posing a significant risk to users. Tracked as CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159, these path traversal flaws allow unauthenticated attackers to extract sensitive information from affected systems. Ivanti has released patches to address these vulnerabilities, and the disclosure highlights the critical need for proactive patching and system updates to mitigate potential exploits.
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have warned that threat actors are actively exploiting vulnerabilities in Ivanti Cloud Service Appliances (CSA), some of which were patched as far back as September. Attackers have been observed using multiple exploit chains that leverage CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380 to achieve remote code execution, harvest credentials, and implant webshells on compromised networks. Notably, Ivanti CSA version 4.6 is now end-of-life and no longer receives patches, making it particularly susceptible to attacks.