
Vulnerabilities could allow an attacker to escalate privileges, modify data, or execute arbitrary commands

Summary

Vulnerabilities could allow an attacker to escalate privileges, modify data, or execute arbitrary commands 

Affected platforms

The following platforms are known to be affected:

Threat details

Introduction

Ivanti has disclosed three vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core, each with a CVSSv3 score of 6.7.

CVE-2024-22026 is a privilege escalation vulnerability in EPMM, which could allow an authenticated local attacker to bypass shell restriction and execute arbitrary commands on the appliance.

CVE-2023-46806 and CVE-2023-46807 are SQL injection vulnerabilities in the web component of EPMM, which could allow an authenticated attacker with appropriate privilege to access or modify data in the underlying database.

Remediation advice

Affected organisations are advised to review Ivanti's advisory, "KB Security Advisory - Ivanti Endpoint Manager Mobile (EPMM) May 2024", and apply any necessary updates as soon as possible.

Definitive source of threat updates

CVE Vulnerabilities

Last edited: 22 May 2024 4:00 pm