CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-36130

CVSS 9.8v3.1pub. 2024-08-07upd. 2025-03-13

An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network to execute arbitrary commands on the underlying operating system of the appliance.

🤖 AI Analysis
How it works

The vulnerability consists of insufficient authorization verification in the EPMM web component. An attacker operating within the network can send requests to the vulnerable component without needing to possess any credentials. As a result of this vulnerability, it is possible to execute arbitrary commands directly on the device's operating system.

Impact

An attacker can execute arbitrary commands on the appliance operating system, which in practice means complete takeover of the device, possibility of data theft, configuration modification, or further movement within the organization's network.

Mitigation & patch

Ivanti EPMM should be updated to version 12.1.0.1 or newer. Detailed information regarding the update is available in the official Ivanti Security Advisory (Security Advisory — July 2024).

Who is affected

Ivanti Endpoint Manager Mobile (EPMM) in versions prior to 12.1.0.1

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Ivanti Endpoint Manager Mobile

    APP
    Ivanti
    < 12.1.0.1
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2026-1281CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Krytyczny code injection w Ivanti Endpoint Manager Mobile (RCE bez uwierzytelnienia)

CVE-2026-1340CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Code injection w Ivanti EPMM umożliwiający nieuwierzytelniony RCE

CVE-2023-35082CRITICAL9.8⚠ KEVten sam produkt

An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access res...

CVE-2023-35078CRITICAL9.8⚠ KEVten sam produkt

An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functiona...

CVE-2023-39337CRITICAL9.1ten sam produkt

A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 older allows a threat actor with knowledge of a...