Adrian Johnson
TLDR:
A PoC exploit has been released for a vulnerability in Ivanti Endpoint Manager Mobile (EPMM), previously MobileIron Core, allowing a local attacker to gain root access to affected systems. The vulnerability, CVE-2024-22026, poses a significant security risk and Ivanti has released patches to address it in certain versions. Users are advised to update to mitigate the risk.
A newly disclosed vulnerability, CVE-2024-22026, has been found in Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core. The severity of this vulnerability is undetermined, but it allows a local attacker to gain root access to affected systems by exploiting a local attack vector. The attacker can use a malicious RPM package to execute commands as root, potentially leading to significant security breaches.
The attack vector for CVE-2024-22026 is local, meaning the attacker must have local access to the system to exploit the vulnerability. Once exploited, the attacker can gain root access, providing full control over the system. Ivanti has released patches to address this vulnerability in versions 12.1.0.0, 12.0.0.0, and 11.12.0.1, and users are strongly recommended to update to mitigate the risk associated with CVE-2024-22026.
The exploit involves creating a malicious RPM package and using CLI commands to fetch and install it. By leveraging this vulnerability, an attacker could potentially create a backdoor into the system and escalate their privileges to gain control over the affected system. It is crucial for users to update to the patched versions to prevent such exploits and security breaches.
