Local Privilege Escalation Vulnerability Affects EPMM Appliance
CVE-2024-22026

6.7 MEDIUM

Key Information:

Vendor: Ivanti
Status: Vendor
CVE Published: 22 May 2024

Badges

📰 News Worthy

Summary

A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance.

Affected Version(s)

EPMM 12.1.0.0

EPMM 12.0.0.0

EPMM 11.12.0.1

News Articles

securekomodo's assessment of CVE-2024-22026 | AttackerKB

CVE-2024-22026 is a local privilege escalation vulnerability in Ivanti EPMM (formerly MobileIron) server versions prior to 12.1.0.0, 12.0.0.0, and 11.12.0.1. T…

PoC exploit for Ivanti EPMM privilege escalation flaw released (CVE 2024-22026) - Help Net Security

Technical details about and a PoC exploit for CVE-2024-22026, a privilege escalation bug affecting Ivanti EPMM, have been released.

CISA Warns of Actively Exploited D-Link Router Vulnerabilities - Patch Now

CISA has added two actively exploited vulnerabilities to its catalog. Make sure to apply vendor-provided mitigations by June 6, 2024, to stay safe.

CVSS V3.1

Score: 6.7
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

CVSS V3.0

Score: 6.7
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • First article discovered by CybersecurityNews