{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2024-050.pdf"
    },
    "title": "Multiple Vulnerabilities in Ivanti EPMM",
    "serial_number": "2024-050",
    "publish_date": "22-05-2024 17:55:55",
    "description": "On May 15, 2024, Ivanti released a security advisory addressing multiple vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron. An attacker could exploit these flaws to execute arbitrary commands on the appliance.<br>\nIt is strongly advised to update affected systems to the latest versions to mitigate these risks.<br>\n",
    "url_title": "2024-050",
    "content_markdown": "---\ntitle: 'Multiple Vulnerabilities in\u00a0Ivanti\u00a0EPMM'\nnumber: '2024-050'\nversion: '1.0'\noriginal_date: 'May 15, 2024'\ndate: 'May 22, 2024'\n---\n\n_History:_\n\n* _22/05/2024 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn May 15, 2024, Ivanti released a security advisory addressing multiple vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron. An attacker could exploit these flaws to execute arbitrary commands on the appliance.\n\nIt is strongly advised to update affected systems to the latest versions to mitigate these risks.\n\n# Technical Details\n\nThe vulnerability **CVE-2024-22026**, with a CVSS score of 6.7, is a local privilege escalation vulnerability allowing an authenticated user to execute arbitrary commands with root privileges by crafting and delivering a malicious RPM package. [1,2,3]\n\nThe vulnerabilities **CVE-2023-46806** and **CVE-2023-46807**, both with a CVSS score of 6.7, are SQL Injection vulnerabilities in the web component of EPMM which allow an authenticated user with appropriate privilege to access or modify data in the underlying database. [1]\n\n# Affected Products\n\n- Ivanti Endpoint Manager Mobile (EPMM) versions 12.0 and earlier.\n\n# Recommendations\n\nIt is strongly recommended to update affected devices to version 12.1.0.0 or later. [2]\n\n# References\n\n[1] <https://www.ivanti.com/blog/may-security-update>\n\n[2] <https://forums.ivanti.com/s/article/KB-Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-May-2024?language=en_US>\n\n[3] <https://www.redlinecybersecurity.com/blog/exploiting-cve-2024-22026-rooting-ivanti-epmm-mobileiron-core>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>22/05/2024 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On May 15, 2024, Ivanti released a security advisory addressing multiple vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron. An attacker could exploit these flaws to execute arbitrary commands on the appliance.</p><p>It is strongly advised to update affected systems to the latest versions to mitigate these risks.</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability <strong>CVE-2024-22026</strong>, with a CVSS score of 6.7, is a local privilege escalation vulnerability allowing an authenticated user to execute arbitrary commands with root privileges by crafting and delivering a malicious RPM package. [1,2,3]</p><p>The vulnerabilities <strong>CVE-2023-46806</strong> and <strong>CVE-2023-46807</strong>, both with a CVSS score of 6.7, are SQL Injection vulnerabilities in the web component of EPMM which allow an authenticated user with appropriate privilege to access or modify data in the underlying database. [1]</p><h2 id=\"affected-products\">Affected Products</h2><ul><li>Ivanti Endpoint Manager Mobile (EPMM) versions 12.0 and earlier.</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>It is strongly recommended to update affected devices to version 12.1.0.0 or later. [2]</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.ivanti.com/blog/may-security-update\">https://www.ivanti.com/blog/may-security-update</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://forums.ivanti.com/s/article/KB-Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-May-2024?language=en_US\">https://forums.ivanti.com/s/article/KB-Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-May-2024?language=en_US</a></p><p>[3] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.redlinecybersecurity.com/blog/exploiting-cve-2024-22026-rooting-ivanti-epmm-mobileiron-core\">https://www.redlinecybersecurity.com/blog/exploiting-cve-2024-22026-rooting-ivanti-epmm-mobileiron-core</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}