CISA Warns US Agencies of Critical Ivanti Vulnerabilities: Urgent Action Required

Listen to this Post

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning to federal agencies regarding three critical vulnerabilities in Ivanti Endpoint Manager (EPM) appliances. These security flaws, if exploited, could allow remote attackers to fully compromise affected servers, posing a severe risk to government and private-sector networks. With cyber threats evolving rapidly, CISA’s directive underscores the critical need for immediate action to mitigate potential attacks.

the Security Threat

CISA has added three newly identified vulnerabilities—CVE-2024-13159, CVE-2024-13160, and CVE-2024-13161—to its Known Exploited Vulnerabilities catalog. These flaws, caused by absolute path traversal weaknesses, enable remote, unauthenticated attackers to execute malicious actions on unpatched Ivanti EPM servers.

  • Discovery and Exploits: Initially reported by Zach Hanley, a researcher at Horizon3.ai, in October 2023, these vulnerabilities were patched by Ivanti on January 13, 2024. However, Horizon3.ai later released proof-of-concept exploits in February, showcasing how these weaknesses can be leveraged in relay attacks to extract machine credentials.
  • Government Directive: As part of its Binding Operational Directive (BOD) 22-01, CISA has mandated federal agencies to patch their systems by March 31, 2025. This action aligns with efforts to secure critical infrastructure against increasing cyber threats.
  • Broader Cybersecurity Concerns: Ivanti has faced multiple zero-day exploits over the past year, affecting its VPN appliances, ICS, IPS, and ZTA gateways. Recent reports suggest that UNC5221, a China-linked cyber-espionage group, has been exploiting Ivanti vulnerabilities to deploy malware like Dryhook and Phasejam.

Despite the urgency, Ivanti has not yet updated its security advisory following CISA’s latest warning. Meanwhile, previous Ivanti-related vulnerabilities—some patched as early as September 2024—continue to be actively targeted by cybercriminals.

What Undercode Says: Analyzing the Threat Landscape

1. The Significance of Path Traversal Vulnerabilities

Path traversal vulnerabilities, like those affecting Ivanti EPM, are among the most dangerous security flaws because they allow attackers to manipulate file paths and gain unauthorized access to sensitive system components. Once exploited, attackers can execute arbitrary code, steal credentials, or completely take over a network.

2. The Growing Target on Ivanti Products

Over the past year, Ivanti has become a prime target for cybercriminals and state-sponsored threat actors. This trend suggests two possibilities:
– Ivanti’s security architecture may have inherent weaknesses that require urgent reassessment.
– Attackers see Ivanti products as high-value targets due to their widespread adoption across government and enterprise environments.

3.

References:

Reported By: https://www.bleepingcomputer.com/news/security/cisa-tags-critical-ivanti-epm-flaws-as-actively-exploited-in-attacks/
Extra Source Hub:
https://www.pinterest.com
Wikipedia
Undercode AI

Image Source:

Pexels
Undercode AI DI v2

Join Our Cyber World:

💬 Whatsapp
💬 TelegramFeatured Image