Security News > 2024 > January > Ivanti warns critical EPM bug lets hackers hijack enrolled devices
Ivanti fixed a critical remote code execution vulnerability in its Endpoint Management software that can let unauthenticated attackers hijack enrolled devices or the core server.
Ivanti EPM helps manage client devices running a wide range of platforms, from Windows and macOS to Chrome OS and IoT operating systems.
The security flaw impacts all supported Ivanti EPM versions, and it has been resolved in version 2022 Service Update 5.
Currently, Ivanti blocks public access to an advisory containing full CVE-2023-39366 details, likely to provide customers with more time to secure their devices before threat actors can create exploits using the additional information.
Ivanti releases patches for 13 critical Avalanche RCE flaws.
Hackers are exploiting critical Apache Struts flaw using public PoC. Sophos backports RCE fix after attacks on unsupported firewalls.
News URL
Related news
- Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities (source)
- Three more vulns spotted in Ivanti CSA, all critical, one 10/10 (source)
- Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Researcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint Manager (source)
- CISA: Hackers still exploiting older Ivanti bugs to breach networks (source)
- Hackers exploit critical unpatched flaw in Zyxel CPE devices (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-05 | CVE-2023-39366 | Cacti is an open source operational monitoring and fault management framework. | 4.8 |