This alert is relevant to Australians who are running Ivanti EPMM. This alert is intended to be understood by slightly more technical users. Users are encouraged to immediately apply any available patches.
Background / What has happened?
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has received reports of a vulnerability in Ivanti EPMM impacting all supported versions 11.10, 11.9 and 11.8. Older versions/releases are also at risk. This vulnerability enables an unauthorised, remote (internet-facing) actor to potentially access users’ personally identifiable information and make limited changes to the server. The Ivanti MobileIron security advisory includes patches for all supported versions.
Mitigation / How do I stay secure?
Australian organisations should review their networks for use of vulnerable instances of Ivanti EPMM. The Ivanti EPMM security advisory recommends upgrading EPMM with patch releases (22.214.171.124, 126.96.36.199 and 188.8.131.52) from the system manager portal. If you cannot upgrade, please refer to the information in the advisory to apply an RPM-based solution.
Organisations are also encouraged to familiarise themselves with ACSC advice and resources.
Assistance / Where can I go for help?
The ASD’s ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ASD’s ACSC via cyber.gov.au/report, or 1300 CYBER1 (1300 292 371).
Reporting of available information to the ASD’s ACSC contributes to our advice, and all organisations’ understanding of the current threat environment.