¡¾¸´ÏÖ¡¿Ivanti Endpoint Manager MobileÔ¶³Ì´úÂëÖ´ÐЩ¶´£¨CVE-2026-1281ºÍCVE-2026-1340£©
·¢²¼Ê±¼ä 2026-02-03Ivanti Endpoint Manager Mobile(EPMM)£¬ÔÃûMobileIron Core£¬ÊÇÈ«ÇòÁìÏÈµÄÆóÒµ¼¶Í³Ò»¶Ëµã¹ÜÀí£¨UEM£©Æ½Ì¨¡£
2026Äê1ÔÂ29ÈÕ£¬Ivanti·¢²¼¸üÐÂÐÞ¸´ÁËIvanti Endpoint Manager MobileÔ¶³Ì´úÂëÖ´ÐЩ¶´£¨CVE-2026-1281ºÍCVE-2026-1340£©£¬CVSSÆÀ·Ö9.8·Ö£¨ÑÏÖØ£©¡£ÎÊÌâ³öÔÚIvanti EPMMÔÚ´¦ÀíÌØ¶¨URLʱ£¬Apache»áͨ¹ýRewriteMap¹¦Äܽ«URLÖеIJÎÊýÖ±½Ó´«µÝ¸øºó¶ËµÄBash½Å±¾Ö´ÐС£¹¥»÷ÕßÔڿɿصÄ×Ö·û´®´øÈëÁËËãÊõÀ©Õ¹ÉÏÏÂÎÄ£¬µ¼Ö BashµÝ¹é½âÎö±äÁ¿Ãû²¢´¥·¢ÁË·´ÒýºÅÖеĶñÒâÃüÁî¡£
¸ù¾Ý¹¥»÷Ãæ¹ÜÀíÆ½Ì¨ Censys µÄÊý¾Ý£¬½ØÖÁ 2026 Äê2 Ô 2 ÈÕ£¬»¥ÁªÍøÉÏ´æÔÚ529¸öDZÔÚµÄÒ×Êܹ¥»÷Ivanti Endpoint Manager MobileʵÀý¡£ÓÉÓÚ¸ÅÄîÑé֤©¶´ÀûÓóÌÐòÒѾ·¢²¼£¬²¢ÇҸé¶´ÒÑÔÚ»¥ÁªÍøÉϹ㷺´«²¥£¬Òò´Ë¶ÔÓÚʹÓÃIvanti Endpoint Manager MobileµÄ×éÖ¯¶øÑÔ£¬¸Ã©¶´¹¹³ÉÁËÖ±½ÓÇÒÑÏÖØµÄ·çÏÕ¡£
©¶´ÃèÊö
ÔÚIvanti Endpoint Manager MobileϵͳÖУ¬¸ÃϵͳµÄApache RewriteMapÅäÖÃÖÐÓÉÓû§ÌṩµÄÊäÈë´«µÝ¸øBash½Å±¾Ö´ÐС£ºËÐݲȫ©¶´ÊÇÒ»¸öBashËãÊõÀ©Õ¹×¢Èë©¶´£¬ÔÊÐíδ¾Éí·ÝÑéÖ¤µÄ¹¥»÷ÕßÖ´ÐÐÈÎÒâϵͳÃüÁî¡£¾ßÌåÀ´Ëµ£º
? Ivanti Endpoint Manager MobileÖ±½Ó½«URLÖÐ sha256: ºóµÄÓû§ÊäÈë´«µÝ¸øBash½Å±¾£¬×÷ΪÂß¼ÅжϵıäÁ¿£¬È±·¦ÓÐЧµÄתÒå»ò¹ýÂË¡£
? ½Å±¾ÄÚ²¿µÄËãÊõ±È½ÏÄ£¿é(( )) ´æÔڵݹé½âÎöÌØÐÔ£¬¹¥»÷ÕßÀûÓñäÁ¿¼äµÄǶÌ×ÒýÓÃʵÏÖÔ¶³Ì´úÂëÖ´ÐС£
Ivanti¹Ù·½ÃèÊöΪ£ºA code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
Ó°Ï췶Χ
Ivanti Endpoint Manager Mobile < =12.5.0.0
Ivanti Endpoint Manager Mobile < =12.5.1.0
Ivanti Endpoint Manager Mobile < =12.6.0.0
Ivanti Endpoint Manager Mobile < =12.6.1.0
Ivanti Endpoint Manager Mobile < =12.7.0.0
©¶´ÔÀí
©¶´Ô´ÓÚApache HTTPdÅäÖÃÁËRewriteMap£¨mapAppStoreURL ºÍ mapAftStoreURL£©£¬Ö±½Ó½«Î´¾¹ýÂ˵ÄURL²ÎÊý´«µÝ¸øµ×²ãµÄBash½Å±¾£¬´¥·¢Â·¾¶Îª /mifs/c/appstore/fob/3/...£¬¸Ã·¾¶²»ÐèÒªÈκÎÉí·ÝÑéÖ¤£¬´úÂëÈçÏ£º
RewriteRule ^/mifs/c/appstore/fob/3/([0-9]+)/sha256:(.*)/(.*)(.ipa)$ ${mapAppStoreURL:$2_$1_$3_$4_%{HTTP_HOST}_%{ENV:SCRIPT_URL}} [T=application/octet-stream,UnsafePrefixStat]¹¥»÷Õß¿ÉÒÔͨ¹ý¿ØÖÆsha256:kid=... ºóÃæµÄ×Ö·û´®£¬½«¶ñÒâÃüÁî×¢Èëµ½Bash½Å±¾´¦ÀíÁ÷³ÌÖУ¬½Å±¾Â·¾¶£º/mi/bin/map-appstore-url£¬´úÂëÈçÏ£º

©¶´¸´ÏÖ
ÔÚyakitÖз¢ËÍPOC£¬Ö´ÐÐping dnslogÃüÁî¡£

½ÓÊÕµ½dnslogÑéÖ¤£¬¼´ping dnslogÃüÁîÖ´Ðгɹ¦¡£

°²È«½¨Òé
£¨1£©Á¢¼´Éý¼¶
Ivanti Endpoint Manager Mobile¹Ù·½ÒÑ·¢²¼°²È«¹«¸æ£¬Çë°´Ö¸µ¼½øÐÐÐÞ¸´¡£
£¨2£©ÁÙʱ»º½â´ëÊ©
Ó¦ÓÃÁÙʱRPM²¹¶¡£º
? ÊÊÓÃÓÚ12.5.0.x¡¢12.6.0.x¡¢12.7.0.x°æ±¾£ºinstall rpm url
https://username:password@support.mobileiron.com/mi/vsp/AB1771634/ivanti-security-update-1761642-1.0.0S-5.noarch.rpm
? ÊÊÓÃÓÚ12.5.1.0ºÍ12.6.1.0°æ±¾£ºinstall rpm url
²Î¿¼Á´½Ó£º
[1]https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US&ref=labs.watchtowr.com
mansion88Ã÷Éý»ý¼«·ÀÓùʵÑéÊÒ£¨ADLab£©
ADLab³ÉÁ¢ÓÚ1999Ä꣬ÊÇÖйú°²È«ÐÐÒµ×îÔç³ÉÁ¢µÄ¹¥·À¼¼ÊõÑо¿ÊµÑéÊÒÖ®Ò»£¬Î¢ÈíMAPP¼Æ»®ºËÐijÉÔ±£¬¡°ºÚȸ¹¥»÷¡±¸ÅÄîÊ×ÍÆÕß¡£½ØÖÁĿǰ£¬ADLabÒÑͨ¹ý CNVD/CNNVD/NVDB/CVEÀۼƷ¢²¼°²È«Â©¶´7000Óà¸ö£¬³ÖÐø±£³Ö¹ú¼ÊÍøÂ簲ȫÁìÓòÒ»Á÷Ë®×¼¡£ÊµÑéÊÒÑо¿·½Ïòº¸Ç»ù´¡°²È«Ñо¿¡¢ÔËÓªÉÌ»ù´¡ÍøÂçÉèÊ©°²È«Ñо¿¡¢Òƶ¯Öն˰²È«Ñо¿¡¢Ôư²È«Ñо¿¡¢ÐÅ´´°²È«Ñо¿¡¢ÎïÁªÍø°²È«Ñо¿¡¢³µÁªÍø°²È«Ñо¿¡¢¹¤¿Ø°²È«Ñо¿¡¢ÎÞÏß°²È«Ñо¿¡¢Êý¾Ý°²È«Ñо¿¡¢AI°²È«Ñо¿¡¢µÍ¿Õ°²È«Ñо¿¡¢¸ß¼¶ÍþвÑо¿¡¢¹¥·ÀÌåϵ½¨Éè¡£Ñо¿³É¹ûÓ¦ÓÃÓÚ²úÆ·ºËÐļ¼ÊõÑо¿¡¢¹ú¼ÒÖØµã¿Æ¼¼ÏîÄ¿¹¥¹Ø¡¢×¨Òµ°²È«·þÎñµÈ¡£



¾©¹«Íø°²±¸11010802024551ºÅ