
Ivanti Patches Actively Exploited Zero-Day Flaws in EPMM

Ivanti has released critical security updates to address two zero-day vulnerabilities in its Endpoint Manager Mobile (EPMM) product that are currently being exploited in attacks. The company announced the patches on July 10, 2024, urging all customers to apply them immediately to protect their mobile device management systems from remote compromise.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added one of the flaws to its Known Exploited Vulnerabilities (KEV) catalog, mandating federal agencies to remediate the issue by a specified deadline. This action underscores the severity of the threat and the active exploitation observed in the wild.

Details of the Security Vulnerabilities

The first vulnerability, tracked as CVE-2024-1281, is a critical remote code execution flaw with a CVSS score of 9.6. It allows an unauthenticated attacker to execute arbitrary code on the underlying EPMM server. The second flaw, identified as CVE-2024-1282, is a high-severity authentication bypass vulnerability with a CVSS score of 8.2. This issue could permit an attacker to gain unauthorized access to the administrative console.

According to Ivanti’s security advisory, both vulnerabilities affect supported versions of Ivanti EPMM, formerly known as MobileIron Core. The company stated that it is aware of limited, targeted exploitation of these vulnerabilities against a small number of customers.

Official Response and Mitigation

In its public statement, Ivanti provided direct download links for the security updates corresponding to each supported version of EPMM. The company emphasized that applying these patches is the only complete mitigation for the vulnerabilities. For customers unable to apply the update immediately, Ivanti published temporary workarounds, which involve restricting network access to the EPMM administrative interface.

CISA’s binding operational directive requires all federal civilian executive branch agencies to apply Ivanti’s updates by July 24, 2024. The agency’s catalog entry warns that these types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Background on Recent Ivanti Vulnerabilities

This incident marks the latest in a series of high-profile security issues affecting Ivanti products in 2024. Earlier this year, the company faced widespread exploitation of multiple zero-day vulnerabilities in its Ivanti Connect Secure and Ivanti Policy Secure gateways. Those incidents led to mass exploitation by threat actors, including state-sponsored groups, resulting in the compromise of thousands of devices globally.

The recurrence of critical flaws has placed Ivanti under increased scrutiny from cybersecurity professionals and enterprise customers. The company’s response times and patch development processes are being closely monitored by the industry.

Security researchers note that mobile device management systems like EPMM are high-value targets for attackers. A successful compromise can provide access to a vast array of managed mobile devices, corporate data, and network credentials, making robust security essential.

Looking Ahead and Recommended Actions

Organizations using Ivanti EPMM are advised to prioritize the installation of the provided security updates without delay. Cybersecurity experts recommend verifying that the patches have been applied successfully and conducting thorough security audits of affected systems to check for any signs of prior intrusion.

Ivanti has indicated that its security team continues to monitor the threat landscape for any changes. The company is expected to provide further updates if new information regarding the exploitation or additional mitigation advice becomes available. System administrators should remain vigilant for any future communications from Ivanti’s product security team.

Source: Ivanti Security Advisory, CISA KEV Catalog