Unauthorized command execution vulnerability in EPMM web component
CVE-2024-36130

9.8CRITICAL

Key Information:

Vendor: Ivanti
Status: Epmm
Vendor: CVE Published:; 7 August 2024

Summary

An insufficient authorization vulnerability exists in the web component of Ivanti Endpoint Manager for Mobile versions prior to 12.1.0.1. This vulnerability permits an unauthorized attacker within the same network to execute arbitrary commands on the underlying operating system of the affected appliance. Exploitation of this vulnerability can lead to serious security breaches and unauthorized access to system resources, emphasizing the need for prompt updates and security measures to safeguard against potential threats.

Affected Version(s)

EPMM 12.1.0.1

References

https://forums.ivanti.com/s/article/Security-Advisory-Iva...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 7, 2024
Vulnerability Reserved
May 21, 2024

Collectors

NVD DatabaseMitre Database