TLDR:
- A PoC exploit for CVE-2024-22026, a privilege escalation bug affecting Ivanti EPMM, has been released.
- The vulnerability allows attackers to create a backdoor account with root access.
Technical details about and a proof-of-concept (PoC) exploit for CVE-2024-22026, a privilege escalation bug affecting Ivanti EPMM, has been released by the vulnerability’s reporter. The vulnerability was discovered by Bryan Smith and affects Ivanti EPMM v12.0 and earlier. The exploit allows attackers to elevate their privileges by creating a new user account with root access. This backdoor account bypasses the intended restricted shell environment, leading to complete system compromise and potential network intrusion.
CVE-2024-22026, as well as two SQL injection flaws, have been fixed in Ivanti EPMM v12.1.0.0. To mitigate the risk of exploitation, admins are advised to upgrade their installations to the latest available version as soon as possible.