Ivanti warns critical EPM bug lets hackers hijack enrolled devices (Security News, January 2024)
Ivanti fixed a critical remote code execution vulnerability in its Endpoint Management software that can let unauthenticated attackers hijack enrolled devices or the core server.
Ivanti EPM helps manage client devices running a wide range of platforms, from Windows and macOS to Chrome OS and IoT operating systems.
The security flaw impacts all supported Ivanti EPM versions, and it has been resolved in version 2022 Service Update 5.
Currently, Ivanti blocks public access to an advisory containing full CVE-2023-39366 details, likely to provide customers with more time to secure their devices before threat actors can create exploits using the additional information.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-05 | CVE-2023-39366 | Cacti is an open source operational monitoring and fault management framework. | 4.8 |