Skip to content

Commit

Permalink
Ivanti EPMM Vulnerability - 20240523002
Browse files Browse the repository at this point in the history
  • Loading branch information
@LSerki
LSerki authored May 23, 2024
1 parent 60042ed commit 25fa892
Showing 1 changed file with 18 additions and 0 deletions.
18 changes: 18 additions & 0 deletions docs/advisories/Advisory-vulnerability.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
# Ivanti EPMM Vulnerability - 20240523002

## Overview

A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance.

## What is vulnerable?

| CVE | Severity | CVSS | Product(s) Affected | Summary | Dated |
| ---- | ------------ | ---- | ------------------- | ------- | ----- |
| [CVE-2024-22026](https://nvd.nist.gov/vuln/detail/CVE-2024-22026) | **Medium** | 6.7 | **EPMM before 12.1.0.0** | | |

## Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe (refer [Patch Management](../guidelines/patch-management.md)):

- https://forums.ivanti.com/s/article/Security-Advisory-EPMM-May-2024?language=en_US
- https://help.ivanti.com/mi/help/en_us/core/12.x/rn/CoreConnectorReleaseNotes/IvantiEPMM_rn_12.x.pdf

0 comments on commit 25fa892

Please sign in to comment.