CVE-2024-36130

CRITICAL

EPMM <12.1.0.1 - Privilege Escalation

Title source: llm
STIX 2.1

Description

An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network to execute arbitrary commands on the underlying operating system of the appliance.

Scores

CVSS v3 9.8
EPSS 0.0225
EPSS Percentile 80.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-285 CWE-287
Status published
Products (1)
ivanti/endpoint_manager_mobile < 12.1.0.1
Published Aug 07, 2024
Tracked Since Feb 18, 2026