CVE-2024-36130

CRITICAL

EPMM <12.1.0.1 - Privilege Escalation

Title source: llm

Description

An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network to execute arbitrary commands on the underlying operating system of the appliance.

References (1)

Core 1

Core References

Vendor Advisory

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-for-Mobile-EPMM-July-2024

Scores

CVSS v3 9.8

EPSS 0.0171

EPSS Percentile 82.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-287 CWE-285

Status published

Products (1)

ivanti/endpoint_manager_mobile < 12.1.0.1

Published Aug 07, 2024

Tracked Since Feb 18, 2026