Summary
Ivanti is releasing security updates that address a critical vulnerability in Endpoint Manager Mobile (EPMM) and MobileIron Core products. This vulnerability, if exploited, could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to application resources.
Notes (updated 01/19/2024): The vulnerability is being actively exploited in the wild.
Notes (updated 01/19/2024): A Proof of Concept (PoC) for the exploitation of the vulnerability is available online.
Risk
Vulnerability Community Impact Estimate: HIGH/ORANGE (65.38/100)¹.
Type
- Authentication bypass
- Information Disclosure
Affected products and versions
Ivanti
- Endpoint Manager Mobile (EPMM), versions 11.10, 11.9, and 11.8
- MobileIron Core 11.7 and earlier
Mitigation actions
In line with vendor statements, we recommend updating affected products to the latest available version by following the guidance in the security bulletins, available in the References section.
Unique Vulnerability Identifiers
References
¹ This estimate takes several parameters into account, including: CVSS, the availability of patches/workarounds and PoC, and how widespread the affected software/devices are in the reference community.