Ivanti EPMM privilege escalation flaw exploit now available, CVE 2024-22026

May 20, 2024
1 min read

TLDR:

  • A PoC exploit for CVE-2024-22026, a privilege escalation bug affecting Ivanti EPMM, has been released.
  • The vulnerability allows attackers to create a backdoor account with root access.

Technical details about and a proof-of-concept (PoC) exploit for CVE-2024-22026, a privilege escalation bug affecting Ivanti EPMM, has been released by the vulnerability’s reporter. The vulnerability was discovered by Bryan Smith and affects Ivanti EPMM v12.0 and earlier. The exploit allows attackers to elevate their privileges by creating a new user account with root access. This backdoor account bypasses the intended restricted shell environment, leading to complete system compromise and potential network intrusion.

CVE-2024-22026, as well as two SQL injection flaws, have been fixed in Ivanti EPMM v12.1.0.0. To mitigate the risk of exploitation, admins are advised to upgrade their installations to the latest available version as soon as possible.

Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and