Ivanti EPMM MobileIron Core PoC exploit now available for download

May 16, 2024
1 min read

TLDR:

A PoC exploit has been released for a vulnerability in Ivanti Endpoint Manager Mobile (EPMM), previously MobileIron Core, allowing a local attacker to gain root access to affected systems. The vulnerability, CVE-2024-22026, poses a significant security risk and Ivanti has released patches to address it in certain versions. Users are advised to update to mitigate the risk.

A newly disclosed vulnerability, CVE-2024-22026, has been found in Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core. The severity of this vulnerability is undetermined, but it allows a local attacker to gain root access to affected systems by exploiting a local attack vector. The attacker can use a malicious RPM package to execute commands as root, potentially leading to significant security breaches.

The attack vector for CVE-2024-22026 is local, meaning the attacker must have local access to the system to exploit the vulnerability. Once exploited, the attacker can gain root access, providing full control over the system. Ivanti has released patches to address this vulnerability in versions 12.1.0.0, 12.0.0.0, and 11.12.0.1, and users are strongly recommended to update to mitigate the risk associated with CVE-2024-22026.

The exploit involves creating a malicious RPM package and using CLI commands to fetch and install it. By leveraging this vulnerability, an attacker could potentially create a backdoor into the system and escalate their privileges to gain control over the affected system. It is crucial for users to update to the patched versions to prevent such exploits and security breaches.

Latest from Blog

Top CISA official looks back on four years of cyber work

TLDR: Eric Goldstein, a top official at CISA, reflects on progress made in cybersecurity during his tenure. Key achievements include understanding cyber risks, collaboration with industry, and encouraging secure product development. Eric

Juggling AI cybersecurity highs and lows

TLDR: At the 2024 MIT Sloan CIO Symposium, industry leaders discussed the challenge of balancing AI’s benefits with its security risks, particularly focusing on generative AI. While generative AI can bring benefits

Get your free Cyber Security eBook now Valued at $169

“`html TLDR: Key Points: Claim your complimentary eBook worth $169 for free before May 22. The eBook covers practical applications of cyber security and network security for professionals, engineers, scientists, and students.