Ivanti warns critical EPM bug lets hackers hijack enrolled devices
2024-01-04 21:37

Ivanti fixed a critical remote code execution vulnerability in its Endpoint Management software that can let unauthenticated attackers hijack enrolled devices or the core server.

Ivanti EPM helps manage client devices running a wide range of platforms, from Windows and macOS to Chrome OS and IoT operating systems.

The security flaw impacts all supported Ivanti EPM versions, and it has been resolved in version 2022 Service Update 5.

Currently, Ivanti blocks public access to an advisory containing full CVE-2023-39366 details, likely to provide customers with more time to secure their devices before threat actors can create exploits using the additional information.


News URL

https://www.bleepingcomputer.com/news/security/ivanti-warns-critical-epm-bug-lets-hackers-hijack-enrolled-devices/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2023-09-05 | CVE-2023-39366 | Cross-site Scripting vulnerability in multiple products. Cacti is an open source operational monitoring and fault management framework. (network; low complexity; cacti, fedoraproject; CWE-79) | 4.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Ivanti 23 9 59 74 51 193