3 Ivanti flaws added to CISA list of known exploited vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) on March 10 added three critical 9.8 Ivanti Endpoint Manager (EPM) flaws to its Known Exploited Vulnerabilities (KEV) catalog.

Federal agencies have until March 31 to fix the flaws, as they have been actively exploited in the wild. CISA also advises private sector companies to follow suit.

The flaws — CVE-2024-13159, CVE-2024-13160, and CVE-2024-13161 — are path traversal vulnerabilities that can grant remote, unauthenticated attackers full compromise of vulnerable servers.

“Given the recent history of Ivanti vulnerabilities, this latest development underscores the importance of rapid patching and continuous hardening to mitigate risk,” said Heath Renfrow, co-founder and CISO at Fenix24. “We've seen firsthand how adversaries quickly weaponize these types of flaws, particularly when proof-of-concept exploits are made public.”

Renfrow said organizations that delay patching are at risk of full domain compromise, credential theft, and lateral movement by threat actors who capitalize on exposed systems. Renfrow pointed out that these vulnerabilities further contribute to the broader pattern of Ivanti-related security challenges over the past year, making it clear that proactive security measures — not just reactive patching — are essential.

Chris Gray, Field CTO at Deepwatch, added that security teams should assume that these Ivanti systems are already compromised. Gray pointed out that Ivanti has a significant market share with more than 400,000 companies using their VPN, ICS, IPS, and ZTA platforms: a big reason their products are so heavily targeted.

“Malicious actors seek targets of opportunity, and the larger the target population, the more likely that there will be unpatched systems,” said Gray. “These flaws are known, and exploits are present. Anyone with affected systems should, as CISA and others have previously said, patch them immediately.”