CVE-2026-1603
嗯,用户让我帮忙总结一下这篇文章的内容,控制在一百个字以内,而且不需要用“文章内容总结”之类的开头。首先,我需要仔细阅读文章,抓住关键点。 文章讲的是Ivanti Endpoint Manager (EPM)的一个认证绕过漏洞,CVE编号是2026-1603。这个漏洞影响的是EPM 2024 SU5之前的版本。攻击者可以远程访问存储的凭证数据,而不需要认证。CVSS评分方面,Ivanti给的是8.6,NVD给的是7.5。 成功利用这个漏洞可能导致敏感凭证泄露和未经授权的操作。因为EPM通常有较高的权限,所以可能会引发更严重的安全问题,比如横向移动和系统被广泛破坏。 建议用户升级到2024 SU5版本来修复这个问题,并且可以使用Horizon3.ai的Rapid Response测试来验证是否受到影响以及修复是否成功。 所以总结的时候,我需要包括漏洞名称、影响版本、攻击方式、风险等级以及修复措施。控制在100字以内的话,可能需要简洁地表达这些要点。 </think> Ivanti Endpoint Manager (EPM) 存在认证绕过漏洞(CVE-2026-1603),影响 2024 SU5 之前版本。攻击者可远程获取存储凭证,CVSS 评分 8.6(Ivanti)/7.5(NVD)。建议升级至最新版本以修复漏洞。 2026-2-18 17:32:28 Author: horizon3.ai(查看原文) 阅读量:3 收藏

Ivanti Endpoint Manager (EPM) | Authentication Bypass Vulnerability

CVE-2026-1603 is an authentication bypass vulnerability affecting Ivanti Endpoint Manager (EPM) prior to version 2024 SU5. The vulnerability allows a remote attacker to access stored credential data without proper authentication. Ivanti assigns a CVSS v3 score of 8.6, while NVD lists a score of 7.5.

Successful exploitation could allow an attacker to retrieve sensitive credential information and perform unauthorized actions within the EPM environment. Because Ivanti EPM often operates with elevated privileges across managed endpoints, credential exposure can introduce downstream risk including lateral movement and broader system compromise.

Stop Guessing, Start Proving

Attack characteristics:

  • Attack vector: Network
  • Authentication required: None
  • User interaction: None
  • Impact: Authentication bypass leading to credential exposure
  • CVSS v3 score: 8.6 (Ivanti) / 7.5 (NVD)
  • Exploitation status: No public confirmation of active exploitation at time of publication

While this is not a remote code execution vulnerability, authentication bypass affecting credential material should be treated as high risk due to the potential for follow-on access.

To safely verify whether CVE-2026-1603 affects your Ivanti Endpoint Manager deployment, Horizon3.ai customers can leverage the newly released Rapid Response test to confirm exploitability and validate remediation after patching.

  • Run the Rapid Response test — Launch the Ivanti EPM CVE-2026-1603 Rapid Response test from the customer portal to assess both internet-facing and internal EPM instances for authentication bypass exposure.
  • Apply mitigation immediately — Update Ivanti Endpoint Manager to version 2024 SU5 as outlined in the Ivanti Security Advisory. Customers running versions prior to 2024 SU5 are considered affected.
  • Re-run the Rapid Response test — Confirm that authentication bypass is no longer possible and validate that remediation has successfully removed exposure.

Rapid Response enables security teams to focus on vulnerabilities attackers are most likely to weaponize, allowing prioritized action based on validated exposure.

Ivanti has not published specific IOCs tied to active exploitation for this vulnerability. Organizations should review:

  • Unusual or unauthenticated access attempts against Ivanti EPM services
  • Unexpected access to stored credential data
  • Anomalous administrative actions within the EPM console
  • Suspicious outbound connections originating from the EPM server

As with any authentication bypass issue, organizations should assume potential credential exposure if systems were internet-accessible and unpatched.

  • Ivanti Endpoint Manager (EPM) versions prior to 2024 SU5
  • Mitigation: Upgrade to Ivanti Endpoint Manager 2024 SU5 as outlined in the Ivanti Security Advisory.

文章来源: https://horizon3.ai/attack-research/vulnerabilities/cve-2026-1603/
如有侵权请联系:admin#unsafe.sh