Ivanti warns of new EPMM flaw exploited in zero-day attacks
Summary
Ivanti has alerted customers to a critical vulnerability in its Endpoint Manager Mobile (EPMM) software that is being actively exploited in zero-day attacks. Organizations are urged to patch their systems immediately to mitigate the risk of remote code execution.
IFF Assessment
This vulnerability allows for remote code execution, posing a direct threat to organizational security and data.
Severity
The vulnerability allows for remote code execution, has a high impact on confidentiality, integrity, and availability, and is actively exploited as a zero-day, indicating high exploitability.
Defender Context
This zero-day attack targeting Ivanti EPMM highlights the critical need for prompt patching of widely used enterprise management software. Defenders should prioritize vulnerability management and have robust monitoring in place for signs of exploitation, especially for systems managing mobile endpoints.