A critical Ivanti vulnerability that can be used by threat actors to remotely execute code on vulnerable Endpoint Manager (EPM) appliances has come under active exploitation, security experts warn.

Ivanti EPM, a popular endpoint management solution, enables administrators to manage devices across a range of platforms, including Windows, macOS, Chrome OS, and Internet of Things (IoT) operating systems.

Tracked as CVE-2024-29824, the flaw is an SQL Injection issue that allows a remote attacker to execute arbitrary SQL queries in database. It

was initially addressed in May 2024 as part of a broader security update that patched six remote code execution vulnerabilities in the Core server. In June, security researchers published an in-depth analysis of the vulnerability along with the proof-of-concept (PoC) code.

On Wednesday, Ivanti updated its initial security advisory to add that it “has confirmed exploitation of CVE-2024-29824 in the wild,” with a limited number of customers who have been exploited.

Additionally, the US Cybersecurity and Infrastructure Security Agency (CISA) has added the flaw to its catalog of exploited vulnerabilities.