National CERT Warns of Active Attacks on Ivanti Mobile Systems

Pakistan’s National Computer Emergency Response Team has issued a high-severity advisory warning of active exploitation of critical zero-day vulnerabilities affecting on-premises deployments of Ivanti Endpoint Manager Mobile (EPMM).

According to the advisory, the vulnerabilities allow attackers to remotely execute malicious code without authentication, giving them full control over affected systems. Ivanti has confirmed the flaws, and one of the vulnerabilities has also been added to the Known Exploited Vulnerabilities catalogue maintained by the Cybersecurity and Infrastructure Security Agency, confirming real-world exploitation.

National CERT said the flaws carry a critical CVSS score of 9.8 and pose serious risks to confidentiality, integrity and system availability. Successful exploitation could allow attackers to access sensitive mobile device data, disrupt mobile management operations and potentially pivot into wider enterprise or government networks.

The advisory stated that the affected products include Ivanti Endpoint Manager Mobile on-premises appliances across versions 12.5.0.0 through 12.7.0.0 and earlier releases. Other Ivanti products, including Ivanti Neurons for MDM, Ivanti Endpoint Manager and Ivanti Sentry, are not impacted.

According to National CERT, the vulnerabilities stem from improper input handling that enables code injection. The exploits are described as weaponized, with a high risk of attackers installing persistent backdoors on compromised systems.

Indicators of compromise highlighted in the advisory include suspicious web requests, unexpected command execution, unauthorized administrator account creation, changes to security policies and the presence of unknown scripts or binaries on the appliance.

Internet-facing Ivanti EPMM systems were identified as being at the highest risk, particularly within government departments, critical infrastructure operators and organizations managing sensitive or regulated mobile data.

National CERT has directed all affected organizations to immediately apply Ivanti’s emergency RPM patches across all systems, including high-availability deployments. The advisory stressed that patching is mandatory and the only complete remediation available.

While temporary measures such as network isolation, firewall restrictions and enhanced monitoring can reduce exposure, the advisory warned that organizations should assume compromise if systems were exposed and left unpatched.

National CERT also advised affected entities to conduct forensic audits, restrict unnecessary external access and activate incident response plans to prevent long-term operational, regulatory and security impacts.

Published by
Muhammad Bilal