Ivanti warns critical EPM bug lets hackers hijack enrolled devices
Ivanti fixed a critical remote code execution vulnerability in its Endpoint Management software that can let unauthenticated attackers hijack enrolled devices or the core server.
Ivanti EPM helps manage client devices running a wide range of platforms, from Windows and macOS to Chrome OS and IoT operating systems.
The security flaw impacts all supported Ivanti EPM versions, and it has been resolved in version 2022 Service Update 5.
Currently, Ivanti blocks public access to an advisory containing full CVE-2023-39366 details, likely to provide customers with more time to secure their devices before threat actors can create exploits using the additional information.
Related news
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824) (source)
- Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited (source)
- CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame (source)
- Iranian hackers act as brokers selling critical infrastructure access (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-05 | CVE-2023-39366 | Cross-site Scripting vulnerability in multiple products. Cacti is an open source operational monitoring and fault management framework. | 4.8 |