CVE-2024-36131
published 2024-08-07

Priority: P2 · 62 · high · 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.29% (81.1th percentile)

An insecure deserialization vulnerability in the web component of EPMM prior to 12.1.0.1 allows an authenticated remote attacker to execute arbitrary commands on the underlying operating system of the appliance.

Affected

2 ranges
Vendor  Product                  Version range           Fixed in
ivanti  endpoint_manager_mobile  < 12.1.0.1              12.1.0.1
ivanti  epmm                     >= 12.1.0.1 < 12.1.0.1  12.1.0.1

Detection & IOCs (extracted from sources)

  • Vulnerability class is insecure deserialization (CWE-502) in the web component of Ivanti EPMM; monitor for anomalous deserialization-related payloads in HTTP requests to the EPMM web interface
  • Exploitation requires authentication; investigate authenticated sessions that subsequently trigger OS command execution — look for unusual child processes spawned from the EPMM web service process
  • Vulnerability affects Ivanti EPMM versions prior to 12.1.0.1 only; patched installations running 12.1.0.1 or later are not affected

CVSS provenance

nvd  v3.1  8.8  HIGH  CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd  v3.0  8.8  HIGH  CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H