Hackers are exploiting yet another vulnerability in one of Ivanti's widely used enterprise products, the U.S. government's cybersecurity agency CISA warned in a new alert this week.
Ivanti Endpoint Manager (EPM) is a tool that helps organizations manage and secure fleets of employee devices, and the remote code execution flaw was first revealed by Trend Micro's zero-day initiative in April and by Ivanti the following month. The patch has been applied.
This bug allows an unauthenticated attacker to remotely execute malicious code on affected Ivanti customers' servers.
In Wednesday's advisory, CISA said hackers are currently actively exploiting this vulnerability (tracked as CVE-2024-29824) to hack into unpatched systems, and are actively It cites evidence of abuse. CISA's advisory calls on all federal civilian agencies to update vulnerable systems by October 23 to prevent exploits.
“These types of vulnerabilities are frequent attack vectors for malicious cyber attackers and pose significant risks to federal enterprises,” CISA said.
Ivanti, a U.S.-based IT software company with more than 40,000 business customers, including many Fortune 100 companies, said in a May security advisory update this week that the vulnerability affected a “limited number” of Ivanti customers. They admitted that they were actively used to target them.
Ivanti did not say how many customers were compromised, and an Ivanti spokesperson did not comment when contacted by TechCrunch. The company has not yet said whether it was aware that customer data had been compromised as a result of the breach.
Ivanti is no stranger to hackers exploiting vulnerabilities in its software. Earlier this year, the company confirmed that hackers were mass-exploiting vulnerabilities in Connect Secure, its remote access VPN solution used by thousands of businesses and large organizations around the world.
This disclosure comes just weeks after Ivanti confirmed that two previous zero-day flaws in Connect Secure had been exploited. Security researchers linked the attack to Chinese-backed hackers who were exploiting vulnerabilities to penetrate customer networks and steal information.