CISA issues warning about another Ivanti flaw under active attack

Hackers are exploiting another vulnerability in one of Ivanti’s widely used enterprise products, the U.S. government’s cybersecurity agency CISA warned in a new alert this week.

The remote code execution flaw in Ivanti Endpoint Manager (EPM), a tool that helps organizations manage and secure employee devices, was first disclosed by Trend Micro’s Zero Day Initiative in April and patched by Ivanti the following month.

This bug could allow an unauthenticated attacker to remotely execute malicious code on an affected Ivanti customer’s servers.

Hackers are actively exploiting the vulnerability, tracked as CVE-2024-29824, to hack into unpatched systems, CISA said in an advisory issued Wednesday. All federal civilian agencies must update vulnerable systems by Oct. 23 to prevent exploitation, according to CISA’s advisory.

“These types of vulnerabilities are frequent attack vectors for malicious cyber attackers and pose a significant risk to federal enterprises,” CISA said.

Ivanti, a US-based IT software company with more than 40,000 enterprise customers, including Fortune 100 companies, confirmed in an update this week to its May security advisory that the vulnerability was actively used to target a “limited number” of Ivanti customers.

Ivanti did not say how many customers were affected, and an Ivanti spokesperson did not provide comment when contacted by TechCrunch. The company has not yet said whether it is aware of any customer data having been stolen as a result of the hacks.

Ivanti is no stranger to hackers exploiting vulnerabilities in its software. Earlier this year, the company confirmed that hackers were mass exploiting vulnerabilities in Connect Secure, a remote access VPN solution used by thousands of businesses and large organizations around the world.

This disclosure comes just weeks after Ivanti disclosed that two zero-day flaws in Connect Secure were being exploited. Security researchers have linked those attacks to Chinese-backed hackers who have been exploiting the vulnerabilities to break into customer networks and steal information.