Description
An improper certificate validation vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Confidentiality: High
- Integrity: High
- Availability: Low
Affected products
- Ivanti / Endpoint Manager Mobile 12.8.0.1 – 12.8.0.1
- Ivanti / Endpoint Manager Mobile 12.7.0.1 – 12.7.0.1
- Ivanti / Endpoint Manager Mobile 12.6.1.1 – 12.6.1.1