Ivanti Endpoint Manager Mobile (EPMM) Critical RCE Vulnerability and Patch Management
Patching steps and technical solution guide for the critical RCE vulnerability detected in Ivanti EPMM systems.
Overview
Ivanti has issued a warning about a high-severity remote code execution (RCE) vulnerability in the Endpoint Manager Mobile (EPMM) platform that is being actively exploited in zero-day attacks. The vulnerability allows an unauthenticated attacker to execute unauthorized commands on the affected system.
Affected Systems
This vulnerability affects all outdated versions of Ivanti EPMM. It is critical for all administrators to update their systems as soon as possible to ensure corporate network security.
Problem Analysis
The vulnerability is caused by insufficient input validation in the system's API endpoints. By sending specially crafted HTTP requests, an attacker can cause the system to perform actions as if the requests came from a user with administrative rights. The consequences can be serious: data leakage, takeover of the system, or distribution of malware to managed devices.
Solution and Patch Steps
To close the security vulnerability, you need to apply the latest patch published by Ivanti. Please follow the steps below:
# Connect to the server via SSH
ssh admin@epmm-server-ip
# Install the update package and restart the service
sudo /opt/ivanti/bin/update-manager --install-patch patch-id-xxxx
sudo systemctl restart epmm-service
Warning: System services will be temporarily stopped during the patching process. It is recommended that you create a scheduled maintenance window.
Verification
After installation completes, use the following command to check the version the system is now running:
/opt/ivanti/bin/version-check --verbose
If you notice any unusual activity on your system, immediately review the log files and contact your security team.
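A post-patch verification gate built around the version-check command from the Verification step, added here as an example and not part of Ivanti's tooling or of this guide. It assumes version-check prints a line of the form "Version: X.Y.Z" (the real output format is not documented on this page) and takes the minimum patched version as an argument, since this page names no version numbers.

```shell
#!/bin/sh
# Post-patch verification gate for the EPMM update procedure above.
# Assumption (not from Ivanti): version-check --verbose prints a line
# "Version: X.Y.Z[...]". The expected patched version is passed in by the
# operator; this page does not state one.
set -eu

# Extract the first dotted version from raw version-check output.
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' |
        head -n 1
}

# Return 0 if dotted version $1 >= $2, 1 otherwise.
# Missing trailing components count as 0, so 11.12 == 11.12.0.
version_ge() {
    vg_a=$1 vg_b=$2
    while [ -n "$vg_a" ] || [ -n "$vg_b" ]; do
        vg_x=${vg_a%%.*}; vg_y=${vg_b%%.*}
        case $vg_a in *.*) vg_a=${vg_a#*.} ;; *) vg_a= ;; esac
        case $vg_b in *.*) vg_b=${vg_b#*.} ;; *) vg_b= ;; esac
        [ "${vg_x:-0}" -gt "${vg_y:-0}" ] && return 0
        [ "${vg_x:-0}" -lt "${vg_y:-0}" ] && return 1
    done
    return 0
}

# Run the vendor checker (path from this guide) and compare against the
# minimum patched version. Exit codes: 0 patched, 1 not patched, 2 cannot tell.
verify_patch() {
    vp_expected=$1
    vp_out=$(/opt/ivanti/bin/version-check --verbose 2>&1) || return 2
    vp_current=$(extract_version "$vp_out")
    if [ -z "$vp_current" ]; then
        echo "could not parse a version from version-check output" >&2
        return 2
    fi
    if version_ge "$vp_current" "$vp_expected"; then
        echo "OK: running $vp_current (>= $vp_expected)"
        return 0
    fi
    echo "NOT PATCHED: running $vp_current, expected at least $vp_expected" >&2
    return 1
}

# Usage: sh verify_epmm.sh <minimum-patched-version>
if [ -n "${1:-}" ]; then
    verify_patch "$1"
fi
```

Run it after the restart and wire its exit code into the maintenance-window runbook, so a node that still reports a pre-patch version fails the change instead of being recorded as done.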