• US government flags major Ivanti security flaw, so patch now

    From TechnologyDaily@1337:1/100 to All on Thu Oct 3 16:15:05 2024

    Date:
    Thu, 03 Oct 2024 15:03:00 +0000

    Description:
    Federal agencies don't have long to apply Ivanti patch following CISA warning.

    FULL STORY ======================================================================

    The US Cybersecurity and Infrastructure Security Agency (CISA) has added a known Ivanti bug to its Known Exploited Vulnerabilities (KEV) catalog, signalling that it's being actively abused in the wild.

    The bug that was just added is an SQL injection vulnerability, found this spring in the Core server of Ivanti Endpoint Manager (EPM) 2022 SU5 and prior. It grants an unauthenticated attacker within the same network the ability to run arbitrary code. It is tracked as CVE-2024-29824, and has a severity score of 9.6 (critical).

    Federal agencies now have three weeks to apply the patch, or stop using the product altogether - and organizations in the private sector should take note, too.

    Renewed commitment to security

    Ivanti Endpoint Manager (EPM) is a software solution designed for IT asset management, offering tools to manage, secure, and troubleshoot endpoints like desktops, laptops, and mobile devices across an organization. It helps automate patching, software distribution, and inventory control, and supports Windows, macOS, Chrome OS, and different IoT operating systems.

    The company says it patched the vulnerability in May 2024, together with five other RCE flaws. It, too, recently confirmed observing attacks in the wild: "At the time of this update, we are aware of a limited number of customers who have been exploited," the company concluded.

    Ivanti is a major technology provider in the B2B sector, with over 40,000 customers globally, and clients spanning various industries, including government, healthcare, education, financial services, and more. These organizations use Ivanti's solutions for IT management, security, and asset management, and as such, they are a major target for cybercriminals.

    In recent years, Ivanti has been at the center of much controversy, since
    many of its products were found to be severely flawed. In response, Ivanti
    CEO Jeff Abbott issued an open letter to customers and partners in April
    2024, promising a renewed commitment to security.

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/us-government-flags-major-ivanti-security-flaw-so-patch-now


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)