Security News > 2024 > October > Critical Ivanti RCE flaw with public exploit now used in attacks

Critical Ivanti RCE flaw with public exploit now used in attacks

2024-10-02 18:55

CISA warned today that a critical Ivanti vulnerability that can let threat actors gain remote code execution on vulnerable Endpoint Manager (EPM) appliances is now actively exploited in attacks. [...]

News URL

https://www.bleepingcomputer.com/news/security/critical-ivanti-rce-flaw-with-public-exploit-now-used-in-attacks/

#attack #critical #exploit #ivanti #RCE

Related news

Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
Craft CMS RCE exploit chain used in zero-day attacks to steal data (source)
Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication (source)
Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices (source)
RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features (source)
Critical auth bypass bug in CrushFTP now exploited in attacks (source)
Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) (source)
Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware (source)

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Ivanti		29	1	59	211	84	355

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.