When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
By abusing the flaw, threat actors could hijack enrolled devices or even the core server.
The vulnerability is now tracked as CVE-2023-39336, and affects all supported EPM versions.
If your organization is using the software, confirm to update it to version 2022 Service Update 5.
The only thing they need is access to the targets internal internet.
“This can then allow the attacker control over machines running the EPM agent.
The good news is that Ivanti was proactive about the flaw.
There is no evidence of hackers abusing it in the wild, or client complaints of hacking attempts.
Ivantis EPM is a unified platform designed to help businesses manage user profiles and client devices.
It supports Windows, macOS, Linux, Chrome OS, and different IoT platforms.
It also comes with Day Zero support, promising swift management without loss of functionality, or downtime.
The company counts more than 40,000 clients around the world.
