CISA has identified five vulnerabilities in Advantive VeraCore and Ivanti Endpoint Manager that are actively exploited, prompting their inclusion in the Known Exploited Vulnerabilities catalog. These vulnerabilities include file upload issues, SQL injection, and path traversal attacks. Notably, a Vietnam-based threat actor, XE Group, has been linked to the exploitation of VeraCore vulnerabilities. Although Ivanti EPM's vulnerabilities lack public exploitation reports, a proof-of-concept exploit suggests potential for significant server compromise. Federal agencies are urged to apply patches by March 31, 2025, to mitigate these risks.
"The U.S. Cybersecurity and Infrastructure Security Agency (CISA) noted five security flaws affecting Advantive VeraCore and Ivanti Endpoint Manager in its Known Exploited Vulnerabilities catalog due to active exploitation."
"The exploitation has been linked to a Vietnamese threat actor known as XE Group, which is employing reverse shells to maintain remote access to affected systems."
Collection
[
|
...
]