U.S. CISA Adds Advantive VeraCore and Ivanti EPM Flaws to Its Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has taken another step in its efforts to protect the nation's critical infrastructure by adding two new vulnerabilities, in Advantive VeraCore and Ivanti EPM, to its Known Exploited Vulnerabilities (KEV) catalog.
These newly added vulnerabilities were determined to be under active exploitation by malicious actors, highlighting the ongoing threat landscape and the need for organizations to stay vigilant and proactive in securing their networks. CISA's Known Exploited Vulnerabilities (KEV) catalog serves as a warning system, alerting federal agencies and private sector organizations to exploits that have already been identified.
The Advantive VeraCore vulnerabilities are being exploited by a Vietnamese cybercrime group tracked as XE Group, which is using them to deploy reverse shells and web shells for persistent remote access. This represents a significant threat to organizations running vulnerable systems, as it allows attackers to maintain long-term access to compromised hosts.
By contrast, the Ivanti EPM flaws have not been publicly reported in real-world attacks, but experts are aware that proof-of-concept (PoC) exploit code is available for these issues. While no known attacks have been attributed to the Ivanti EPM vulnerabilities yet, their presence in CISA's catalog serves as a reminder that even seemingly low-risk vulnerabilities can be exploited by malicious actors if left unaddressed.
Under Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, federal agencies have until March 31, 2025, to address these identified vulnerabilities. Meanwhile, experts recommend that private organizations review CISA's catalog and take proactive steps to patch their networks against attacks exploiting these flaws.
This latest update underscores the importance of regular vulnerability assessments and proactive security measures for organizations operating in critical sectors. As CISA continues to monitor the threat landscape and identify new vulnerabilities, it is essential for all stakeholders to stay informed and up to date on known exploits and mitigation strategies.