Skip to main content

Multiple Vulnerabilities in Ivanti Endpoint Manager Mobile

Vulnerabilities could allow an attacker to escalate privileges, modify data, or execute arbitrary commands 

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Vulnerabilities could allow an attacker to escalate privileges, modify data, or execute arbitrary commands 


Affected platforms

The following platforms are known to be affected:

Threat details

Introduction

Ivanti has disclosed three vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core, each with a CVSSv3 score of 6.7.

CVE-2024-22026 is a privilege escalation vulnerability in EPMM, which could allow an authenticated local attacker to bypass shell restriction and execute arbitrary commands on the appliance.

CVE-2023-46806 and CVE-2023-46807 are SQL injection vulnerabilities in the web component of EPMM, which could allow an authenticated attacker with appropriate privilege to access or modify data in the underlying database.

Proof-of-concept for exploitation of CVE-2024-22026

A proof-of-concept for the exploitation of CVE-2024-22026 has been publicly released. Exploitation is considered more likely.


Remediation advice

Affected organisations are advised to review Ivanti's KB Security Advisory - Ivanti Endpoint Manager Mobile (EPMM) May 2024 advisory and apply any necessary updates as soon as possible.



Last edited: 22 May 2024 4:00 pm