Ivanti Endpoint Manager Mobile Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in the API component of Ivanti Endpoint Manager Mobile (EPMM) versions 12.5.0.0 and prior, as well as several 11.x and 12.3.x versions. This vulnerability allows authenticated attackers to execute arbitrary code by sending crafted API requests.

Impact

Exploitation of this vulnerability allows for authenticated attackers to execute arbitrary code on the affected system.

Remediation

Users are advised to update to version 11.12.0.5, 12.3.0.2, 12.4.0.2, or 12.5.0.1. For those needing an alternative option, an RPM file can be requested through Ivanti's Support. After receiving the RPM, it can be installed via SSH by logging in as the admin user, entering EXEC PRIVILEGED mode, and using the appropriate command to download and install the RPM. Once the installation is complete, the system should be reloaded to apply the update.