Ethical Hacking News
CISA has issued an urgent warning to U.S. federal agencies about three critical Ivanti Endpoint Manager (EPM) flaws, CVE-2024-13159, CVE-2024-13160, and CVE-2024-13161, that are being exploited in real-world attacks. The vulnerabilities can allow remote unauthenticated attackers to fully compromise vulnerable servers, and CISA has added them to its Known Exploited Vulnerabilities catalog, marking them as actively exploited. The warning follows a run of other Ivanti vulnerabilities exploited in widespread attacks against the company's products, including zero-day attacks on Ivanti Connect Secure VPN appliances by a suspected China-nexus espionage actor. With multiple organizations already impacted, CISA is urging all organizations to prioritize timely remediation of catalog vulnerabilities as part of their vulnerability management practice.
CISA has issued an urgent warning to U.S. federal agencies, urging them to take immediate action to secure their networks against attacks exploiting critical vulnerabilities in Ivanti Endpoint Manager (EPM) appliances. The three flaws, identified as CVE-2024-13159, CVE-2024-13160, and CVE-2024-13161, are due to absolute path traversal weaknesses that can allow remote unauthenticated attackers to fully compromise vulnerable servers.
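The weakness class named above, absolute path traversal, is worth seeing in code. The following added example is not from the article, from Ivanti, or from the researchers; it is a generic illustration of the bug pattern beside a hardened version. The storage root `/srv/app/uploads` and the function names are assumptions, and nothing here reflects how Ivanti EPM is implemented.

```python
import os
from pathlib import PurePosixPath, PureWindowsPath

# Hypothetical directory the application is allowed to serve files from (assumption).
STORAGE_ROOT = "/srv/app/uploads"


def unsafe_resolve(user_path, root=STORAGE_ROOT):
    """Vulnerable pattern: os.path.join discards `root` as soon as the untrusted
    component is absolute, and leaves '..' segments untouched."""
    return os.path.join(root, user_path)


def safe_resolve(user_path, root=STORAGE_ROOT):
    """Hardened pattern: refuse absolute input (POSIX, drive-letter and UNC forms),
    normalise separators and '..', then prove the result is still under `root`."""
    if PurePosixPath(user_path).is_absolute() or PureWindowsPath(user_path).is_absolute():
        raise ValueError("absolute path rejected: %r" % user_path)
    # Treat backslashes as separators so '..\\' cannot slip past the normalisation below.
    relative = user_path.replace("\\", "/")
    root_norm = os.path.normpath(root)
    candidate = os.path.normpath(os.path.join(root_norm, relative))
    # commonpath is the containment check; a bare string-prefix test would accept
    # '/srv/app/uploads_evil/x' as being inside '/srv/app/uploads'.
    if os.path.commonpath([root_norm, candidate]) != root_norm:
        raise ValueError("path escapes the storage root: %r" % user_path)
    return candidate


def is_contained(user_path, root=STORAGE_ROOT):
    """Boolean wrapper around safe_resolve for policy checks and tests."""
    try:
        safe_resolve(user_path, root)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed inputs: one legitimate relative path and several escape attempts.
    for p in ["reports/q1.csv", "../../etc/passwd", "/etc/passwd",
              "C:\\Windows\\win.ini", "\\\\fileserver\\share\\secret"]:
        print("%-32s unsafe=%-36s contained=%s" % (p, unsafe_resolve(p), is_contained(p)))
```

The point of the two functions side by side is that `unsafe_resolve("/etc/passwd")` returns `/etc/passwd` with the root silently dropped, which is exactly the "absolute" flavour of traversal; the hardened version rejects absolute input in every spelling a Windows or POSIX host understands and then verifies containment on the normalised result rather than trusting the input.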
The critical vulnerabilities were reported in October by Horizon3.ai vulnerability researcher Zach Hanley, who discovered the flaws while conducting a thorough analysis of Ivanti's EPM appliances. Ivanti patched the vulnerabilities on January 13, but just over a month later, Horizon3.ai released proof-of-concept exploits that can be used in relay attacks for unauthenticated coercion of the Ivanti EPM machine credentials.
CISA added the three vulnerabilities to its Known Exploited Vulnerabilities catalog, marking them as actively exploited in real-world attacks. This designation is significant, as it indicates that attackers have successfully exploited these flaws in live networks, and that CISA has evidence to support this claim.
The warning issued by CISA was prompted by the discovery of multiple other Ivanti vulnerabilities that have been exploited as zero-days over the past year in widespread attacks targeting the company's VPN appliances and ICS, IPS, and ZTA gateways. These attacks demonstrate a clear pattern of exploitation by sophisticated actors who are willing to use known vulnerabilities to gain unauthorized access to networks.
Furthermore, CISA noted that a suspected China-nexus espionage actor (tracked as UNC5221) has been targeting Ivanti Connect Secure VPN appliances, infecting them with new Dryhook and Phasejam malware following successful remote code execution zero-day attacks. This highlights the ongoing threat landscape for U.S. federal agencies, which are vulnerable to attacks from nation-state actors who have access to sophisticated tools and techniques.
Ivanti's role in the incident has raised questions about the company's vulnerability management practices. While Ivanti has patched the critical vulnerabilities in EPM appliances, its delay in releasing a security advisory after CISA tagged the vulnerabilities as actively exploited in attacks is concerning. This gap in communication highlights the need for greater transparency and cooperation between vendors, government agencies, and organizations to address emerging threats.
The binding operational directive (BOD) 22-01 issued in November 2021 by CISA mandates that federal civilian executive branch (FCEB) agencies take immediate action to secure their systems against ongoing attacks. However, with the recent additions of Ivanti EPM vulnerabilities to the Known Exploited Vulnerabilities catalog, it is clear that these threats are more widespread and complex than initially anticipated.
CISA has urged all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. This warning underscores the critical importance of maintaining up-to-date security software, patching known vulnerabilities promptly, and implementing robust incident response strategies.
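The practical task behind BOD 22-01 and the paragraph above is matching the KEV catalog against what you actually run and tracking the due dates. The following added example is not from CISA or the article: it parses a constructed sample in the shape of CISA's KEV JSON feed (the field names follow the real feed, which CISA publishes alongside the catalog; the dates, the fourth entry and the host names are placeholders) and reports which inventory assets are affected and how many days remain before the remediation due date.

```python
import json
from datetime import date

# Constructed sample shaped like CISA's KEV JSON feed (field names follow the real
# feed; the dates, the fourth CVE and the hosts below are placeholders, not catalog data).
SAMPLE_KEV_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "vulnerabilities": [
    {"cveID": "CVE-2024-13159", "vendorProject": "Ivanti", "product": "Endpoint Manager (EPM)",
     "vulnerabilityName": "Ivanti Endpoint Manager Absolute Path Traversal Vulnerability",
     "dateAdded": "2025-03-10", "requiredAction": "Apply mitigations per vendor instructions.",
     "dueDate": "2025-03-31"},
    {"cveID": "CVE-2024-13160", "vendorProject": "Ivanti", "product": "Endpoint Manager (EPM)",
     "vulnerabilityName": "Ivanti Endpoint Manager Absolute Path Traversal Vulnerability",
     "dateAdded": "2025-03-10", "requiredAction": "Apply mitigations per vendor instructions.",
     "dueDate": "2025-03-31"},
    {"cveID": "CVE-2024-13161", "vendorProject": "Ivanti", "product": "Endpoint Manager (EPM)",
     "vulnerabilityName": "Ivanti Endpoint Manager Absolute Path Traversal Vulnerability",
     "dateAdded": "2025-03-10", "requiredAction": "Apply mitigations per vendor instructions.",
     "dueDate": "2025-03-31"},
    {"cveID": "CVE-2000-0001", "vendorProject": "ExampleCorp", "product": "Widget",
     "vulnerabilityName": "Placeholder entry", "dateAdded": "2025-01-01",
     "requiredAction": "Apply updates per vendor instructions.", "dueDate": "2025-01-22"}
  ]
}
"""

# Constructed asset inventory; vendor/product strings use the feed's vocabulary.
INVENTORY = [
    {"host": "epm01.corp.example", "vendorProject": "Ivanti", "product": "Endpoint Manager (EPM)"},
    {"host": "vpn01.corp.example", "vendorProject": "Ivanti", "product": "Connect Secure"},
    {"host": "web01.corp.example", "vendorProject": "ExampleCorp", "product": "Gadget"},
]


def parse_kev(text):
    """Return the catalog's vulnerability entries from the feed's JSON text."""
    return json.loads(text)["vulnerabilities"]


def _norm(value):
    # Case- and whitespace-insensitive comparison: the feed's product strings are
    # hand-written, so byte-exact matching would silently miss entries.
    return " ".join(value.lower().split())


def match_inventory(entries, inventory):
    """Pair every inventory asset with each KEV entry for the same vendor and product."""
    matches = []
    for asset in inventory:
        for entry in entries:
            if (_norm(entry["vendorProject"]) == _norm(asset["vendorProject"])
                    and _norm(entry["product"]) == _norm(asset["product"])):
                matches.append({
                    "host": asset["host"],
                    "cveID": entry["cveID"],
                    "dueDate": date.fromisoformat(entry["dueDate"]),
                    "requiredAction": entry["requiredAction"],
                })
    # Earliest due date first so the remediation queue is already prioritised.
    return sorted(matches, key=lambda m: (m["dueDate"], m["host"], m["cveID"]))


def days_to_due(matches, today):
    """(host, cveID, days remaining) per match; negative means the due date has passed."""
    return [(m["host"], m["cveID"], (m["dueDate"] - today).days) for m in matches]


def overdue(matches, today):
    """Matches whose catalog due date is already behind `today`."""
    return [m for m in matches if m["dueDate"] < today]


if __name__ == "__main__":
    found = match_inventory(parse_kev(SAMPLE_KEV_JSON), INVENTORY)
    for host, cve, days in days_to_due(found, date(2025, 3, 11)):
        print("%-20s %-16s due in %d day(s)" % (host, cve, days))
```

In practice the inventory side is the hard part: CMDB product names rarely match the catalog's wording, so the normalised comparison above should be treated as a starting point and extended with a mapping table for your own product names, and the feed should be re-pulled on a schedule because entries and due dates are added continuously.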
As the threat landscape continues to evolve, it is essential for U.S. federal agencies, organizations, and individuals to remain vigilant and proactive in addressing emerging threats. The recent CISA warning on Ivanti EPM vulnerabilities serves as a stark reminder of the need for increased vigilance and cooperation in the face of sophisticated attacks that can exploit critical vulnerabilities.
In conclusion, the recent addition of Ivanti EPM vulnerabilities to CISA's Known Exploited Vulnerabilities catalog is a clear indication that U.S. federal agencies are under attack using these newly disclosed flaws. As CISA has emphasized, it is crucial for all organizations to prioritize timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. By taking proactive steps to address emerging threats, individuals and organizations can significantly reduce the risk of falling victim to sophisticated cyberattacks.
Related Information:
https://www.ethicalhackingnews.com/articles/CISA-Issues-Urgent-Warning-Critical-Ivanti-EPM-Flaws-Under-Attack-ehn.shtml
https://www.bleepingcomputer.com/news/security/cisa-tags-critical-ivanti-epm-flaws-as-actively-exploited-in-attacks/
https://nvd.nist.gov/vuln/detail/CVE-2024-13159
https://www.cvedetails.com/cve/CVE-2024-13159/
https://nvd.nist.gov/vuln/detail/CVE-2024-13160
https://www.cvedetails.com/cve/CVE-2024-13160/
https://nvd.nist.gov/vuln/detail/CVE-2024-13161
https://www.cvedetails.com/cve/CVE-2024-13161/
Published: Tue Mar 11 09:24:32 2025 by llama3.2 3B Q4_K_M