嗯,用户让我帮忙总结一篇文章的内容,控制在一百个字以内,而且不需要用“文章内容总结”或者“这篇文章”这样的开头。直接写描述就行。 首先,我需要仔细阅读这篇文章。文章主要讲的是美国网络安全和基础设施安全局(CISA)将Ivanti EPMM中的一个漏洞添加到其已知被利用的漏洞目录中。这个漏洞的CVE编号是CVE-2026-1340,CVSS评分为9.8,属于严重级别。漏洞类型是代码注入,允许攻击者在未经过身份验证的情况下远程执行代码。 接下来,文章列出了受影响的版本,包括12.5.0.0及更早版本、12.6.0.0及更早版本、12.7.0.0及更早版本等。Ivanti公司已经意识到这个问题,并且提到有少量客户在披露时被利用,同时第三方在披露后不久发布了POC。公司建议客户尽快应用补丁,并运行Exploitation Detection RPM工具来检测潜在的妥协。 此外,CISA要求联邦机构在2026年4月11日前修复这个漏洞,并建议私营组织也检查和修复目录中的漏洞。 现在,我需要将这些信息浓缩到100字以内。重点包括:CISA将Ivanti EPMM的高危代码注入漏洞加入目录,CVSS 9.8分;该漏洞允许未认证远程代码执行;影响多个版本;公司发布检测工具;联邦机构需在4月11日前修复。 可能的结构:CISA将Ivanti EPMM中的高危代码注入漏洞加入已知被利用目录(CVSS 9.8),允许未认证远程执行代码。影响多个版本,公司发布检测工具,联邦机构需于4月11日前修复。 检查字数是否合适:大约在95字左右,符合要求。 </think> 美国网络安全机构CISA将Ivanti EPMM中的高危代码注入漏洞(CVE-2026-1340)加入已知被利用目录(CVSS 9.8),该漏洞允许未认证远程代码执行。受影响版本包括多个旧版,公司发布检测工具协助排查潜在攻击。联邦机构需于2026年4月11日前修复此漏洞以防范攻击。 2026-4-8 21:35:9 Author: securityaffairs.com(查看原文) 阅读量:15 收藏
U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Ivanti EPMM, tracked as CVE-2026-1340 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog.
The critical vulnerability is a code injection in Ivanti Endpoint Manager Mobile that allows attackers to achieve unauthenticated remote code execution.
Below is the list of affected versions:
| Product Name | Affected Version(s) | Affected CPE(s) | Resolved Version(s) |
| Ivanti Endpoint Manager Mobile | 12.5.0.0 and prior 12.6.0.0 and prior 12.7.0.0 and prior | cpe:2.3:a:ivanti:endpoint_manager_mobile:12.7.0.0:*:*:*:*:*:*:* | RPM 12.x.0.x |
| Ivanti Endpoint Manager Mobile | 12.5.1.0 and prior 12.6.1.0 and prior | cpe:2.3:a:ivanti:endpoint_manager_mobile:12.5.1.0:*:*:*:*:*:*:* cpe:2.3:a:ivanti:endpoint_manager_mobile:12.6.1.0:*:*:*:*:*:*:* | RPM 12.x.1.x |
The software firm is aware of attacks in the wild exploiting this flaw.
“We are aware of a very limited number of customers who have been exploited at the time of disclosure. However, a POC was made available by a third party shortly after disclosure.” warns the company. “We urge all customers to apply the patch as soon as possible and run the Exploitation Detection RPM package as a tool to assist in identifying potential compromise.”
The company released a new RPM detection tool that helps customers check for possible exploitation by scanning for known indicators and generating logs for review. Any suspicious activity before patching may indicate compromise and requires investigation, while alerts after patching are likely just harmless scanning attempts.
The company pointed out that running the RPM tool alone doesn’t guarantee the appliance is clean. It helps detect known indicators of compromise, but absence of findings isn’t proof of safety. Results should be reviewed with the security team and combined with other analysis and tools.
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.
CISA orders federal agencies to fix the vulnerability by April 11, 2026.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, US CISA Known Exploited Vulnerabilities catalog)
如有侵权请联系:admin#unsafe.sh