A critical vulnerability, CVE-2024-22026, has been identified in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core. This vulnerability allows a local attacker to gain root access to affected systems, posing a significant security risk. The attack vector for CVE-2024-22026 is local, meaning the attacker needs physical access to the device. Once exploited, the attacker can achieve root access, granting them full control over the system, which could lead to severe security breaches.
The vulnerability is exploited through a specific command used by low-privilege users to install RPM packages. The command does not check signatures or block URLs, enabling an attacker to create a fake RPM package and send it to the device. This malicious package can then be installed, allowing the attacker to execute code with root privileges. The proof-of-concept exploit involves creating a malicious RPM package with scripts that report back user information and create a new root user, effectively compromising the device.
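The two missing checks described above (no signature verification, no URL restriction), written as a pre-install gate. This is an added example, not Ivanti's code or its fix; the allowlisted host name is a placeholder, and the `rpmkeys --checksig` output wording is assumed to be that of rpm 4.14 or later.

```python
import os
import subprocess
from urllib.parse import urlsplit

# Assumption: the only host packages may be fetched from (placeholder name).
ALLOWED_HOSTS = {"packages.example.internal"}


def url_allowed(url, allowed_hosts=ALLOWED_HOSTS):
    """Accept only https URLs on an allowlisted host, without embedded credentials."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or parts.username or parts.password:
        return False
    return parts.hostname in allowed_hosts and port in (None, 443)


def signature_verified(returncode, output):
    """Interpret `rpmkeys --checksig` output (rpm 4.14+ wording, an assumption).

    Exit status 0 alone is not proof of a signature: an unsigned package with
    intact digests prints "digests OK" and still exits 0.
    """
    lines = [line for line in output.splitlines() if line.strip()]
    if returncode != 0 or len(lines) != 1:
        return False
    # Split on the last colon so a crafted file name cannot forge the verdict.
    return lines[0].rsplit(":", 1)[-1].split() == ["digests", "signatures", "OK"]


def vet_package(url, rpm_path):
    """Return True only when both the source URL and the signature check pass."""
    if not url_allowed(url):
        return False
    # An absolute path cannot be mistaken for a command-line option; LC_ALL=C
    # keeps the output wording stable. The rpm keyring should hold only the
    # vendor keys that are trusted to sign packages for this system.
    proc = subprocess.run(
        ["rpmkeys", "--checksig", os.path.abspath(rpm_path)],
        capture_output=True, text=True, check=False,
        env=dict(os.environ, LC_ALL="C"),
    )
    return signature_verified(proc.returncode, proc.stdout)
```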
Ivanti has released patches for versions 12.1.0.0, 12.0.0.0, and 11.12.0.1 to address this vulnerability. Users are strongly advised to update their systems to these versions to mitigate the risks associated with CVE-2024-22026. The urgency of this update is underscored by the potential for significant security breaches if the vulnerability is left unpatched. The disclosure of this vulnerability and the availability of a proof-of-concept exploit highlight the importance of maintaining up-to-date security practices to protect against such threats.