Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824) - Help Net Security

CVE-2024-29824, an unauthenticated SQL Injection vulnerability in Ivanti Endpoint Manager (EPM) appliances, is being exploited by attackers, the Cybersecurity and Infrastructure Security Agency has confirmed by adding the bug to its Known Exploited Vulnerabilities catalog. They all affect the core server of Ivanti EPM 2022 SU5 and prior versions, can lead to code execution in the context of the service account, and all have been fixed through a security hot patch. At an (unclear) date that came after the intial release of its advisory, Ivanti has made changes to the patch and urged users to update some of the files or implement the new patch if they haven’t previously done so. The patch provided by Ivanti is implemented by replacing five DLL files from the core server with five others (with the same name) contained in the patch. Ivanti did the same by updating the relevant security advisory to say that they are aware of a limited number of customers who have been exploited. CVE-2024-29824, reported by an anonymous researcher via the Zero Day Initiative program, is one of the ten SQL injection vulnerabilities Ivanti has released a fix for in May 2024. ZDI’s advisory described CVE-2024-29824 as a flaw that exists within the implementation of the RecordGoodApp method and is due to the lack of proper validation of a user-supplied string before using it to construct SQL queries. The process has to be concluded by either restarting the core server or closing the EPM console and running IISRESET (a command for restarting IIS services), so that the new DLL files are loaded. The addition of CVE-2024-29824 to the KEV catalog means that all US federal civilian executive branch agencies must remediate it by October 23, 2024.

This Cyber News was published on www.helpnetsecurity.com. Publication date: Thu, 03 Oct 2024 15:43:06 +0000


Cyber News related to Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824) - Help Net Security

Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824) - Help Net Security - CVE-2024-29824, an unauthenticated SQL Injection vulnerability in Ivanti Endpoint Manager (EPM) appliances, is being exploited by attackers, the Cybersecurity and Infrastructure Security Agency has confirmed by adding the bug to its Known Exploited ...
2 months ago Helpnetsecurity.com
CVE-2024-26633 - In the Linux kernel, the following vulnerability has been resolved: ...
9 months ago
CVE-2024-36886 - In the Linux kernel, the following vulnerability has been resolved: ...
5 months ago
CVE-2024-26857 - In the Linux kernel, the following vulnerability has been resolved: ...
8 months ago
CVE-2024-35893 - In the Linux kernel, the following vulnerability has been resolved: ...
5 months ago
Threat Brief: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887 - On Jan. 10, 2024, Ivanti disclosed two new vulnerabilities in their Ivanti Connect Secure and Ivanti Policy Secure gateways: CVE-2023-46805 and CVE-2024-21887. The first CVE is a High severity authentication bypass vulnerability, and the second CVE ...
11 months ago Unit42.paloaltonetworks.com
CVE-2024-47685 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() syzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending garbage on the four reserved tcp bits (th->res1) Use ...
2 months ago Tenable.com
Unified Endpoint Management: What is it and What's New? - What began as Mobile Device Management has now transitioned through Mobile Application Management and Enterprise Mobility Management to culminate in UEM. This progression underscores the industry's response to the ever-growing challenges of modern IT ...
1 year ago Securityboulevard.com
Ivanti discloses new zero-day flaw, releases delayed patches - Ivanti Wednesday released patches for two critical zero-day vulnerabilities that were disclosed earlier this month, but also warned customers of two new flaws, including a new zero-day that's under exploitation in the wild. In a security advisory on ...
10 months ago Techtarget.com
CVE-2024-50083 - In the Linux kernel, the following vulnerability has been resolved: tcp: fix mptcp DSS corruption due to large pmtu xmit Syzkaller was able to trigger a DSS corruption: TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending ...
1 month ago Tenable.com
Week in review: PoC for Splunk Enterprise RCE flaw released, scope of Okta breach widens - Vulnerability disclosure: Legal risks and ethical considerations for researchersIn this Help Net Security interview, Eddie Zhang, Principal Consultant at Project Black, explores the complex and often controversial world of vulnerability disclosure in ...
1 year ago Helpnetsecurity.com
CVE-2024-26781 - In the Linux kernel, the following vulnerability has been resolved: mptcp: fix possible deadlock in subflow diag Syzbot and Eric reported a lockdep splat in the subflow diag: WARNING: possible circular locking dependency detected ...
8 months ago Tenable.com
CVE-2023-52784 - In the Linux kernel, the following vulnerability has been resolved: bonding: stop the device in bond_setup_by_slave() Commit 9eed321cde22 ("net: lapbether: only support ethernet devices") has been able to keep syzbot away from net/lapb, until today. ...
6 months ago Tenable.com
Week in review: GitLab account takeover flaw, attackers exploiting Ivanti Connect Secure zero-days - Social engineer reveals effective tricks for real-world intrusionsIn this Help Net Security interview, Jayson E. Street, Chief Adversarial Officer at Secure Yeti, discusses intriguing aspects of social engineering and unconventional methods for ...
11 months ago Helpnetsecurity.com
US CISA adds Ivanti EPM flaw to its Known Exploited Vulnerabilities catalog - The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Ivanti Virtual Traffic Manager authentication bypass vulnerability CVE-2024-29824 (CVSS score of 9.6) to its Known Exploited Vulnerabilities (KEV) catalog. U.S. Cybersecurity ...
2 months ago Securityaffairs.com
Ivanti Endpoint Manager Vulnerability Public Exploit is Now Used in Cyber Attacks - The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of a new vulnerability to its Known Exploited Vulnerabilities Catalog. As cyber threats continue to evolve, CISA remains committed to updating its catalog with ...
2 months ago Cybersecuritynews.com
CVE-2024-50035 - In the Linux kernel, the following vulnerability has been resolved: ppp: fix ppp_async_encode() illegal access syzbot reported an issue in ppp_async_encode() [1] In this case, pppoe_sendmsg() is called with a zero size. Then ppp_async_encode() is ...
1 month ago Tenable.com
Ivanti confirms 2 zero-day vulnerabilities are under attack - CISA urged enterprises to address two Ivanti zero-day vulnerabilities that remain unpatched amid reports of active exploitation by a Chinese nation-state threat actor. Ivanti published a security advisory Wednesday for an authentication bypass ...
11 months ago Techtarget.com
CVE-2022-48956 - In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid use-after-free in ip6_fragment() Blamed commit claimed rcu_read_lock() was held by ip6_fragment() callers. It seems to not be always true, at least for UDP stack. syzbot ...
1 month ago Tenable.com
CISA confirms compromise of its Ivanti systems - CISA confirmed two of its internal systems were breached by a threat actor that exploited flaws in Ivanti products used by the U.S. cybersecurity agency. Ivanti on Jan. 10 disclosed two zero-day vulnerabilities that were under exploitation by a ...
9 months ago Techtarget.com
Ivanti US Faces Security Crisis, Threatening Worldwide Systems - In a recent development, a critical server-side request forgery vulnerability has been discovered in Ivanti Connect Secure and Ivanti Policy Secure servers, marked as CVE-2024-21893. Security experts have confirmed that this vulnerability is being ...
10 months ago Cysecurity.news
CVE-2024-50033 - In the Linux kernel, the following vulnerability has been resolved: slip: make slhc_remember() more robust against malicious packets syzbot found that slhc_remember() was missing checks against malicious packets [1]. slhc_remember() only checked the ...
1 month ago Tenable.com
Ivanti discloses fifth vulnerability The Register - In disclosing yet another vulnerability in its Connect Secure, Policy Secure, and ZTA gateways, Ivanti has confused the third-party researchers who discovered it. Researchers at watchTowr blogged today about not being credited with the discovery of ...
10 months ago Go.theregister.com
Ivanti: VPN appliances vulnerable if pushing configs after mitigation - Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities. While the company didn't provide additional ...
10 months ago Bleepingcomputer.com
CVE-2024-26852 - In the Linux kernel, the following vulnerability has been resolved: net/ipv6: avoid possible UAF in ip6_route_mpath_notify() syzbot found another use-after-free in ip6_route_mpath_notify() [1] Commit f7225172f25a ("net/ipv6: prevent use after free in ...
8 months ago Tenable.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)