Security News > 2024 > January > Ivanti warns critical EPM bug lets hackers hijack enrolled devices
Ivanti fixed a critical remote code execution vulnerability in its Endpoint Management software that can let unauthenticated attackers hijack enrolled devices or the core server.
Ivanti EPM helps manage client devices running a wide range of platforms, from Windows and macOS to Chrome OS and IoT operating systems.
The security flaw impacts all supported Ivanti EPM versions, and it has been resolved in version 2022 Service Update 5.
Currently, Ivanti blocks public access to an advisory containing full CVE-2023-39366 details, likely to provide customers with more time to secure their devices before threat actors can create exploits using the additional information.
Ivanti releases patches for 13 critical Avalanche RCE flaws.
Hackers are exploiting critical Apache Struts flaw using public PoC. Sophos backports RCE fix after attacks on unsupported firewalls.
News URL
Related news
- CISA: Hackers still exploiting older Ivanti bugs to breach networks (source)
- Hackers exploit critical unpatched flaw in Zyxel CPE devices (source)
- Ivanti Patches Critical Flaws in Connect Secure and Policy Secure – Update Now (source)
- Ivanti fixes three critical flaws in Connect Secure & Policy Secure (source)
- Ivanti endpoint manager can become endpoint ravager, thanks to quartet of critical flaws (source)
- US charges Chinese hackers linked to critical infrastructure breaches (source)
- CISA tags critical Ivanti EPM flaws as actively exploited in attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-05 | CVE-2023-39366 | Cacti is an open source operational monitoring and fault management framework. | 4.8 |