Ivanti Endpoint Manager Patch Management Bypass

HIGH (7.8)
cwe-347arbitrary-code-executionendpoint-managerivantipatch-managementvulnerability-bypass

Threat Intelligence

Low Risk
EPSS Score: 0.03% chance of exploitation (percentile: 10%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

How we test →

What is it?

Ivanti Endpoint Manager is a patch management tool used by organizations to manage and deploy software updates across their endpoint devices. This vulnerability allows attackers to execute arbitrary code on the device without any user interaction, potentially leading to unauthorized access to sensitive data.

Am I affected?

You're affected if you use Improper verification of cryptographic signatures. Affected versions: 2024 If you don't recognise this software, you're probably not affected.

How to fix

  1. Upgrade to Ivanti Endpoint Manager version 2024 SU4 SR1 or later.
  2. Immediate mitigations:
  3. Restrict network access to the Ivanti Endpoint Manager instance (firewall it from the public internet)
  4. Audit admin account activity for suspicious access patterns
  5. Monitor for unauthorized token creation

References