Ivanti Endpoint Manager is a software tool used to manage and secure endpoint devices. This vulnerability allows attackers to execute arbitrary code on the server by writing files, potentially leading to remote code execution.
Ivanti Endpoint Manager is a software tool used to manage and secure endpoint devices. This vulnerability allows attackers to execute arbitrary code on the server by writing files, potentially leading to remote code execution.
You're affected if you use Improper control of dynamically managed code resources. Affected versions: 2024 If you don't recognise this software, you're probably not affected.
Upgrade to Ivanti Endpoint Manager 2024 SU4 SR1 or later.
- Immediate mitigations:
* Restrict network access to your Ivanti Endpoint Manager instance (firewall it from the public internet)
* Audit admin account activity for suspicious access patterns
* Monitor for unauthorized file creation