Security News > 2024 > May > PoC exploit for Ivanti EPMM privilege escalation flaw released (CVE 2024-22026)
Technical details about and a proof-of-concept (PoC) exploit for CVE-2024-22026, a privilege escalation bug affecting Ivanti EPMM, has been released by the vulnerability’s reporter. About CVE-2024-22026 Ivanti Endpoint Manager Mobile (formerly MobileIron Core) is used by enterprises to securely manage the lifecycle of mobile devices and mobile applications. CVE-2024-22026 was discovered by Bryan Smith, a security researcher with Redline Cyber Security, and affects Ivanti EPMM v12.0 and earlier. “CVE-2024-22026 stems from inadequate validation in the … More → The post PoC exploit for Ivanti EPMM privilege escalation flaw released (CVE 2024-22026) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/05/20/cve-2024-22026-poc/
Related news
- PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) (source)
- Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp (source)
- Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825) (source)
- Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
- DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks (source)
- ⚡ Weekly Recap: Critical SAP Exploit, AI-Powered Phishing, Major Breaches, New CVEs & More (source)
- PoC exploit for SysAid pre-auth RCE released, upgrade quickly! (source)
- Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT (source)
- Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-22 | CVE-2024-22026 | Unspecified vulnerability in Ivanti Endpoint Manager Mobile A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance. | 6.7 |