Impact
An improper input validation flaw exists in Ivanti Endpoint Manager Mobile versions before 12.6.1.1, 12.7.0.1, and 12.8.0.1. A remotely authenticated administrative user can leverage this flaw to achieve remote code execution. This vulnerability is linked to CWE-20.
Affected Systems
Ivanti Endpoint Manager Mobile deployments using versions prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1 are vulnerable when remote administrative access is enabled.
Risk and Exploitability
The CVSS score of 7.2 and the EPSS score of 34% indicate a significant likelihood of exploitation. The vulnerability is listed in the CISA KEV catalog, highlighting its active exploitation or high threat perception. Exploitation requires valid administrative credentials, meaning the attacker must first compromise or obtain those credentials, after which remote code execution can be achieved from any remote context.
OpenCVE Enrichment