First published: 25 Jul 2023
Last updated: 25 Jul 2023

Content written for

Large organisations & infrastructure
Government

This alert is relevant to Australians who are running Ivanti EPMM. This alert is intended to be understood by slightly more technical users. Users are encouraged to immediately apply any available patches.

Background / What has happened?

The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has received reports of a vulnerability in Ivanti EPMM impacting all supported versions 11.10, 11.9 and 11.8. Older versions/releases are also at risk. This vulnerability enables an unauthorised, remote (internet-facing) actor to potentially access users’ personally identifiable information and make limited changes to the server. The Ivanti MobileIron security advisory includes patches for all supported versions.

Mitigation / How do I stay secure?

Australian organisations should review their networks for use of vulnerable instances of Ivanti EPMM. The Ivanti EPMM security advisory recommends upgrading EPMM with patch releases (11.8.1.1, 11.9.1.1 and 11.10.0.2) from the system manager portal. If you cannot upgrade, please refer to the information in the advisory to apply an RPM-based solution.

Organisations are also encouraged to familiarise themselves with ACSC advice and resources.

Assistance / Where can I go for help?

The ASD’s ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ASD’s ACSC via cyber.gov.au/report, or 1300 CYBER1 (1300 292 371).

Reporting of available information to the ASD’s ACSC contributes to our advice, and all organisations’ understanding of the current threat environment.

Was this helpful?
Yes this was helpful
No this was not helpful

Thanks for your feedback!

We welcome additional feedback below.

Was this information easy to understand?
Will you take action after reading this?
Did you find the information you were looking for?
Did the design and layout of this page meet your expectations?