Summary: CISA has issued a warning to U.S. federal agencies regarding three critical vulnerabilities in Ivanti Endpoint Manager, which can allow remote attackers to compromise servers. The vulnerabilities were patched by Ivanti, but proof-of-concept exploits have been released, escalating concerns about their active exploitation. Federal agencies are mandated to secure their systems within three weeks against these vulnerabilities to mitigate potential cyber threats.
Affected: U.S. Federal Agencies, Ivanti Endpoint Manager
Keypoints :
- Three critical vulnerabilities (CVE-2024-13159, CVE-2024-13160, and CVE-2024-13161) have been identified in Ivanti Endpoint Manager.
- Full server compromise can be achieved through absolute path traversal weaknesses, enabling remote unauthenticated attacks.
- Federal agencies have until March 31 to secure their systems as per CISAβs Binding Operational Directive 22-01.