The Cybersecurity Lair™ • October 7, 2024

Latest News | Ivanti Endpoint Manager at Risk: Critical Vulnerability Exploited

Hackers Target SQL Injection Flaw as CISA Calls for Immediate Action

Hackers are actively exploiting a critical vulnerability (CVE-2024-29824) in Ivanti Endpoint Manager, according to the Cybersecurity and Infrastructure Security Agency (CISA). This SQL injection flaw allows unauthorised access to sensitive data and potentially enables remote code execution. Ivanti, a leading provider of IT asset and service management solutions, has confirmed limited exploitation in real-world attacks. CISA has added the vulnerability to its Known Exploited Vulnerabilities Catalog, urging federal agencies and all organisations to swiftly patch the flaw to protect against potential breaches.


Technical Highlights:


  • Vulnerability: CVE-2024-29824 in Ivanti Endpoint Manager (EPM).
  • Nature of Flaw: SQL Injection vulnerability enabling unauthorised access and remote code execution.
  • Affected Versions: Ivanti Avalanche versions before 6.4.x.
  • Proof of Concept: Published by Horizon3.ai on GitHub, with mitigation strategies.
  • Threat Impact: Exploitable by authenticated, privileged users to execute arbitrary commands as SYSTEM.
  • Targeted Exploitation: Limited number of real-world exploitations reported by Ivanti.


Sequence of Events:


  • CVE-2024-29824 Identified: Horizon3.ai researchers analysed and disclosed the vulnerability, including a proof-of-concept.
  • CISA Action: CISA added the flaw to its Known Exploited Vulnerabilities Catalog under Binding Operational Directive (BOD) 22-01.
  • Ivanti Confirmation: Ivanti confirmed limited exploitation of the flaw in live attacks.
  • Public Exploits Available: Hackers began exploiting the vulnerability using publicly available code.
  • Federal Agencies Directive: CISA urged federal agencies to prioritise fixing the vulnerability by specified deadlines.


The exploitation of CVE-2024-29824 has prompted urgent action from organisations and agencies to patch the vulnerability, particularly within federal networks. While the number of known exploitations remains limited, the public availability of exploit code raises concerns about the potential for widespread attacks. Immediate patching and security upgrades are critical to protect systems from further exploitation.



This incident emphasises the importance of timely vulnerability management and proactive cybersecurity practices. Organisations must remain vigilant, regularly updating their systems and applying patches as soon as vulnerabilities are disclosed. Public-private collaboration, like that between CISA and security researchers, is vital in identifying and mitigating risks before widespread exploitation occurs. The case also highlights the increasing sophistication of cyber threats, with hackers quickly taking advantage of newly disclosed flaws.


Source and further reading.


Divya, & Divya. (2024, October 3). Hackers now exploit Ivanti Endpoint Manager vulnerability to launch cyber attacks. GBHackers Security | #1 Globally Trusted Cyber Security News Platform. https://gbhackers.com/hackers-now-exploit-ivanti-endpoint-manager-vulnerability/amp/


Ivanti Community. (n.d.). https://forums.ivanti.com/s/article/Security-Advisory-May-2024?language=en_US
