Ivanti Endpoint Manager Deserialization Vulnerability Leading to Remote Code Execution

Vulnerability

A deserialization vulnerability allowing remote code execution has been identified in Ivanti Endpoint Manager (EPM) versions prior to the 2024 January-2025 Security Update and the 2022 SU6 January-2025 Security Update. The vulnerability arises from the deserialization of untrusted data and can be exploited by a remote unauthenticated attacker, although exploitation requires local user interaction.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Remediation

Users should apply the hot patches available for their EPM version. For EPM 2024, the hot patch can be downloaded from the Ivanti License System (ILS) and applied to the core server and remote consoles. For EPM 2022 SU6, a similar hot patch is available and should be applied in the same manner. After applying the patch, the core server should be rebooted.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 7.5
exploitability: 6.0
remediation: 7.7
relevance: 0.0
threat: 0.5
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.