US authority CISA warns: Critical vulnerabilities in Ivanti and Zimbra are being exploited
A months-old Ivanti flaw is now being actively exploited by attackers, while the Zimbra vulnerability is only a few days old. Patches are urgently recommended.
The US cyber security authority CISA warns of a critical vulnerability in Ivanti Endpoint Manager and a vulnerability in the Zimbra groupware. It has added the bugs with the CVE IDs CVE-2024-29824 and CVE-2024-45519 to its list of "Known Exploited Vulnerabilities" (KEV). While the Ivanti bug was made public back in May, the code-injection vulnerability in Zimbra has only been publicly known for a few days.
Well-aged Ivanti and fresh Zimbra bugs
Ivanti made the now actively exploited bug public in a security advisory back in May, along with no fewer than nine other SQL injection bugs in all versions of Endpoint Manager up to and including 2022 SU5. The vendor had initially fixed the critical bug temporarily with a hotfix, but this caused trouble elsewhere. It is now time for administrators still running these outdated versions of Ivanti Endpoint Manager to switch to a newer version, especially as exploit scripts have been available on GitHub for months.
The critical vulnerability in Zimbra, on the other hand, is much more recent – the first exploit attempts date back to September 28. It is unclear whether the US authority CISA has now received further information about attack campaigns against Zimbra installations. Administrators should update their Zimbra servers as soon as possible or deactivate the postjournal service.
(cku)