Ivanti and Zyxel Release Urgent Patches for Critical Vulnerabilities

Ivanti has rolled out crucial software updates aimed at mitigating multiple vulnerabilities in its Endpoint Manager (EPM) software, targeting a spectrum of security flaws that could potentially jeopardize user data and system integrity. Among these, a particularly severe deserialization of untrusted data vulnerability (CVE-2024-29847) stands out with a CVSS score of 10.0, indicating its critical nature and the potential for remote unauthenticated attackers to execute arbitrary code. This is a significant concern as such vulnerabilities can open the door for various forms of cyberattacks, from data breaches to system takeovers.

In addition to this critical flaw, Ivanti has also patched several unspecified SQL injection vulnerabilities (CVE-2024-32840, -32842, -32843, -32845, -32846, -32848, -34779, -34783, and -34785), each carrying a CVSS score of 9.1. These vulnerabilities are particularly menacing as they allow an authenticated attacker with administrative privileges to potentially execute remote code, thus gaining unauthorized access and control over affected systems. The vulnerable versions include EPM 2024 and 2022 SU5 and earlier, with the issues addressed in the newly released versions 2024 SU1 and 2022 SU6. Ivanti emphasizes the urgency of upgrading to these latest versions to mitigate risks.

Significance of Prompt Updates

The release of these software updates underscores the urgent need for organizations using Ivanti’s products to promptly upgrade to the latest versions to protect against these identified flaws. To date, Ivanti has confirmed that there have been no reports of active exploitation of these vulnerabilities in the wild. Nevertheless, the swift response to these issues highlights a proactive approach following the exploitation of zero-day vulnerabilities in Ivanti products, particularly by cyber espionage groups with ties to China. These groups’ activities underscore the increasingly sophisticated threats organizations face in today’s cybersecurity landscape.

Ivanti’s quick action in issuing these patches highlights the company’s commitment to its users’ security. In addition to releasing updates for EPM, Ivanti has rectified seven high-severity vulnerabilities in Ivanti Workspace Control (IWC) and Ivanti Cloud Service Appliance (CSA). To bolster its security posture, Ivanti has increased its internal scanning and manual testing protocols. Furthermore, the company has refined its responsible disclosure process, facilitating the increased identification and resolution of vulnerabilities. These measures are a testament to Ivanti’s dedication to fortifying its software and protecting its customers from evolving cyber threats.

Broader Cybersecurity Measures

Ivanti has released critical software updates to address multiple vulnerabilities in its Endpoint Manager (EPM) software. These updates target a variety of security flaws that could compromise user data and system integrity. Notably, a severe deserialization of untrusted data vulnerability (CVE-2024-29847) has been identified, with a maximum CVSS score of 10.0. This vulnerability is particularly dangerous as it allows remote unauthenticated attackers to execute arbitrary code, posing significant risks of data breaches and system takeovers.

Additionally, Ivanti has fixed several unspecified SQL injection vulnerabilities (CVE-2024-32840, -32842, -32843, -32845, -32846, -32848, -34779, -34783, and -34785), each with a CVSS score of 9.1. These SQL injection flaws are perilous because they enable an authenticated attacker with admin privileges to execute remote code, thereby gaining unauthorized access to systems. The affected versions include EPM 2024 and 2022 SU5 and earlier, with patches provided in versions 2024 SU1 and 2022 SU6. Ivanti stresses the urgency of upgrading to these latest versions to mitigate these serious security risks.

Explore more

How Can MRP and MPS Optimize Your Supply Chain in D365?

Introduction Imagine a manufacturing operation where every order is fulfilled on time, inventory levels are perfectly balanced, and production schedules run like clockwork, all without excessive costs or last-minute scrambles. This scenario might seem like a distant dream for many businesses grappling with supply chain complexities. Yet, with the right tools in Microsoft Dynamics 365 Business Central, such efficiency is

Streamlining ERP Reporting in Dynamics 365 BC with FYIsoft

In the fast-paced realm of enterprise resource planning (ERP), financial reporting within Microsoft Dynamics 365 Business Central (BC) has reached a pivotal moment where innovation is no longer optional but essential. Finance professionals are grappling with intricate data sets spanning multiple business functions, often bogged down by outdated tools and cumbersome processes that fail to keep up with modern demands.

Top Digital Marketing Trends Shaping the Future of Brands

In an era where digital interactions dominate consumer behavior, brands face an unprecedented challenge: capturing attention in a crowded online space where billions of interactions occur daily. Imagine a scenario where a single misstep in strategy could mean losing relevance overnight, as competitors leverage cutting-edge tools to engage audiences in ways previously unimaginable. This reality underscores a critical need for

Microshifting Redefines the Traditional 9-to-5 Workday

Imagine a workday where logging in at 6 a.m. to tackle critical tasks, stepping away for a midday errand, and finishing a project after dinner feels not just possible, but encouraged. This isn’t a far-fetched dream; it’s the reality for a growing number of employees embracing a trend known as microshifting. With 65% of office workers craving more schedule flexibility

Boost Employee Engagement with Attention-Grabbing Tactics

Introduction to Employee Engagement Challenges and Solutions Imagine a workplace where half the team is disengaged, merely going through the motions, while productivity stagnates and innovative ideas remain unspoken. This scenario is all too common, with studies showing that a significant percentage of employees worldwide lack a genuine connection to their roles, directly impacting retention, creativity, and overall performance. Employee