Ivanti: Endpoint Manager 2021 device management software vulnerable
Attackers can execute malicious code with elevated rights. Admins must upgrade Ivanti EPM to a version that is still supported.
![Finger drückt auf Knopf](https://heise.cloudimg.io/width/610/q85.png-lossy-85.webp-lossy-85.foil1/_www-heise-de_/imgs/18/4/6/0/0/7/9/0/shutterstock_1862075341-d8ceda0986fc971e.jpeg)
(Image: Photon photo/Shutterstock.com)
Ivanti's Endpoint Manager (EPM) device management software is vulnerable in the 2021 release. However, support for it has expired and there are no more security updates. To secure systems, admins need to upgrade.
In a warning message, the developers state that the vulnerability (CVE-2024-22058"high") only threatens all EPM versions up to and including 2021.1 SU5. Admins must therefore upgrade to EPM 2022 to prevent attacks. These editions do not include the vulnerable legacy Remote Control component.
If the upgrade is not carried out, local attackers can execute malicious code with elevated rights on PCs with EPM Agent installed. Ivanti assures that they have not observed any attacks so far.
(des)