CVE-2024-36131
Published 2024-08-07
Priority P2 · 62 · high · 8.8 CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.29% (81.1th percentile)
An insecure deserialization vulnerability in web component of EPMM prior to 12.1.0.1 allows an authenticated remote attacker to execute arbitrary commands on the underlying operating system of the appliance.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | endpoint_manager_mobile | < 12.1.0.1 | 12.1.0.1 |
| ivanti | epmm | >= 12.1.0.1 < 12.1.0.1 | 12.1.0.1 |
Detection & IOCs (extracted from sources)
- Vulnerability class is insecure deserialization (CWE-502) in the web component of Ivanti EPMM; monitor for anomalous deserialization-related payloads in HTTP requests to the EPMM web interface.
- Exploitation requires authentication; investigate authenticated sessions that subsequently trigger OS command execution, and look for unusual child processes spawned from the EPMM web service process.
- Vulnerability affects Ivanti EPMM versions prior to 12.1.0.1 only; patched installations running 12.1.0.1 or later are not affected.
CVSS provenance
- nvd · v3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- nvd · v3.0 · 8.8 HIGH · CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
GHSA
GHSA-4jhq-mm86-8cmq: An insecure deserialization vulnerability in web component of EPMM prior to 12
ghsa_unreviewed · 2024-08-07
CVE-2024-36131 [HIGH] CWE-502
Ivanti
Ivanti Security Advisory: CVE-2024-36131
vendor_ivanti · 2024-08-07 · CVSS 8.8
CVE-2024-36131 [HIGH] CWE-502
CVE IDs: CVE-2024-36131
CVSS Base Score: 8.8
Severity: HIGH
CWEs: CWE-502
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-08-07