Ivanti and Zyxel Release Urgent Patches for Critical Vulnerabilities

Ivanti has rolled out crucial software updates aimed at mitigating multiple vulnerabilities in its Endpoint Manager (EPM) software, targeting a spectrum of security flaws that could potentially jeopardize user data and system integrity. Among these, a particularly severe deserialization of untrusted data vulnerability (CVE-2024-29847) stands out with a CVSS score of 10.0, indicating its critical nature and the potential for remote unauthenticated attackers to execute arbitrary code. This is a significant concern as such vulnerabilities can open the door for various forms of cyberattacks, from data breaches to system takeovers.

In addition to this critical flaw, Ivanti has also patched several unspecified SQL injection vulnerabilities (CVE-2024-32840, -32842, -32843, -32845, -32846, -32848, -34779, -34783, and -34785), each carrying a CVSS score of 9.1. These vulnerabilities are particularly menacing as they allow an authenticated attacker with administrative privileges to potentially execute remote code, thus gaining unauthorized access and control over affected systems. The vulnerable versions include EPM 2024 and 2022 SU5 and earlier, with the issues addressed in the newly released versions 2024 SU1 and 2022 SU6. Ivanti emphasizes the urgency of upgrading to these latest versions to mitigate risks.

Significance of Prompt Updates

The release of these software updates underscores the urgent need for organizations using Ivanti’s products to promptly upgrade to the latest versions to protect against these identified flaws. To date, Ivanti has confirmed that there have been no reports of active exploitation of these vulnerabilities in the wild. Nevertheless, the swift response to these issues highlights a proactive approach following the exploitation of zero-day vulnerabilities in Ivanti products, particularly by cyber espionage groups with ties to China. These groups’ activities underscore the increasingly sophisticated threats organizations face in today’s cybersecurity landscape.

Ivanti’s quick action in issuing these patches highlights the company’s commitment to its users’ security. In addition to releasing updates for EPM, Ivanti has rectified seven high-severity vulnerabilities in Ivanti Workspace Control (IWC) and Ivanti Cloud Service Appliance (CSA). To bolster its security posture, Ivanti has increased its internal scanning and manual testing protocols. Furthermore, the company has refined its responsible disclosure process, facilitating the increased identification and resolution of vulnerabilities. These measures are a testament to Ivanti’s dedication to fortifying its software and protecting its customers from evolving cyber threats.

Broader Cybersecurity Measures

Ivanti has released critical software updates to address multiple vulnerabilities in its Endpoint Manager (EPM) software. These updates target a variety of security flaws that could compromise user data and system integrity. Notably, a severe deserialization of untrusted data vulnerability (CVE-2024-29847) has been identified, with a maximum CVSS score of 10.0. This vulnerability is particularly dangerous as it allows remote unauthenticated attackers to execute arbitrary code, posing significant risks of data breaches and system takeovers.

Additionally, Ivanti has fixed several unspecified SQL injection vulnerabilities (CVE-2024-32840, -32842, -32843, -32845, -32846, -32848, -34779, -34783, and -34785), each with a CVSS score of 9.1. These SQL injection flaws are perilous because they enable an authenticated attacker with admin privileges to execute remote code, thereby gaining unauthorized access to systems. The affected versions include EPM 2024 and 2022 SU5 and earlier, with patches provided in versions 2024 SU1 and 2022 SU6. Ivanti stresses the urgency of upgrading to these latest versions to mitigate these serious security risks.

Explore more

Why Are Small Businesses Losing Confidence in Marketing?

In the ever-evolving landscape of commerce, small and mid-sized businesses (SMBs) globally are grappling with a perplexing challenge: despite pouring more time, energy, and resources into marketing, their confidence in achieving impactful results is waning, and recent findings reveal a stark reality where only a fraction of these businesses feel assured about their strategies. Many struggle to measure success or

How Are AI Agents Revolutionizing Chatbot Marketing?

In an era where digital interaction shapes customer expectations, Artificial Intelligence (AI) is fundamentally altering the landscape of chatbot marketing with unprecedented advancements. Once limited to answering basic queries through rigid scripts, chatbots have evolved into sophisticated AI agents capable of managing intricate workflows and delivering seamless engagement. Innovations like Silverback AI Chatbot’s updated framework exemplify this transformation, pushing the

How Does Klaviyo Lead AI-Driven B2C Marketing in 2025?

In today’s rapidly shifting landscape of business-to-consumer (B2C) marketing, artificial intelligence (AI) has emerged as a pivotal force, reshaping how brands forge connections with their audiences. At the forefront of this transformation stands Klaviyo, a marketing platform that has solidified its reputation as an industry pioneer. By harnessing sophisticated AI technologies, Klaviyo enables companies to craft highly personalized customer experiences,

How Does Azure’s Trusted Launch Upgrade Enhance Security?

In an era where cyber threats are becoming increasingly sophisticated, businesses running workloads in the cloud face constant challenges in safeguarding their virtual environments from advanced attacks like bootkits and firmware exploits. A significant step forward in addressing these concerns has emerged with a recent update from Microsoft, introducing in-place upgrades for a key security feature on Azure Virtual Machines

How Does Digi Power X Lead with ARMS 200 AI Data Centers?

In an era where artificial intelligence is reshaping industries at an unprecedented pace, the demand for robust, reliable, and scalable data center infrastructure has never been higher, and Digi Power X is stepping up to meet this challenge head-on with innovative solutions. This NASDAQ-listed energy infrastructure company, under the ticker DGXX, recently made headlines with a groundbreaking achievement through its