CISA tags critical Ivanti EPM flaws as actively exploited in attacks

Published on: 2025-06-23 17:01:04

CISA warned U.S. federal agencies to secure their networks against attacks exploiting three critical vulnerabilities affecting Ivanti Endpoint Manager (EPM) appliances. The three flaws (CVE-2024-13159, CVE-2024-13160, and CVE-2024-13161) are due to absolute path traversal weaknesses that can let remote unauthenticated attackers fully compromise vulnerable servers. They were reported in October by Horizon3.ai vulnerability researcher Zach Hanley and patched by Ivanti on January 13. Just over a month later, Horizon3.ai also released proof-of-concept exploits that can be used in relay attacks for unauthenticated coercion of the Ivanti EPM machine credentials. On Monday, CISA added the three vulnerabilities to its Known Exploited Vulnerabilities catalog, which lists security flaws the cybersecurity agency has marked as exploited in the wild. Federal Civilian Executive Branch (FCEB) agencies now have three weeks, until March 31, to secure their systems against ongoing attacks, as mandate ...