CVE-2024-22026 MEDIUM

CVE-2024-22026

Vendor Ivanti
Product EPMM
Published May 22, 2024
Last update March 13, 2025

CVSS base score

6.7/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance.

Key dates

02Disclosure timeline

May 22, 2024 CVE published
March 13, 2025 Record updated