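[Reproduction] Ivanti Endpoint Manager Mobile Remote Code Execution Vulnerabilities (CVE-2026-1281 and CVE-2026-1340)

Published: 2026-02-03

Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, is a world-leading enterprise unified endpoint management (UEM) platform.

On January 29, 2026, Ivanti released updates that fix the remote code execution vulnerabilities in Ivanti Endpoint Manager Mobile (CVE-2026-1281 and CVE-2026-1340), which carry a CVSS score of 9.8 (Critical). The problem arises when Ivanti EPMM handles certain URLs: Apache uses its RewriteMap feature to pass parameters from the URL directly to a backend Bash script for execution. The attacker-controlled string is carried into an arithmetic expansion context, which causes Bash to resolve variable names recursively and triggers the malicious command inside backticks.

According to data from the attack surface management platform Censys, as of February 2, 2026, there were 529 potentially vulnerable Ivanti Endpoint Manager Mobile instances on the internet. Because a proof-of-concept exploit has already been published and the vulnerability has spread widely on the internet, it poses a direct and serious risk to organizations that use Ivanti Endpoint Manager Mobile.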


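Vulnerability Description

In Ivanti Endpoint Manager Mobile, the system's Apache RewriteMap configuration passes user-supplied input to a Bash script for execution. The core flaw is a Bash arithmetic expansion injection vulnerability that allows an unauthenticated attacker to execute arbitrary system commands. Specifically:

- Ivanti Endpoint Manager Mobile passes the user input that follows sha256: in the URL directly to the Bash script, where it is used as a variable in a logic check, without effective escaping or filtering.

- The arithmetic comparison construct (( )) inside the script resolves names recursively, and the attacker uses nested references between variables to achieve remote code execution.

Ivanti's official description: A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.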
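The recursive name resolution described above, reduced to a harmless case and set beside a validated comparison. This is an added example, not Ivanti's script; the function names, `secret_limit` and the fixed `now` value are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not Ivanti's script. Names and values are hypothetical.
# The arithmetic evaluation shown is Bash behaviour; re-run under bash if needed.
[ -n "${BASH_VERSION:-}" ] || exec bash "$0" "$@"

secret_limit=5   # constructed script-internal variable, never meant as input

# Unsafe pattern: untrusted text used as an operand inside (( )).
# A non-numeric operand is read as a variable NAME, and that variable's
# value is evaluated as an expression again (recursively).
unsafe_is_past() {
    local start_time="$1"    # untrusted, e.g. taken from a URL segment
    local now=1000           # constructed "current time"
    (( now > start_time ))
}

# Hardened pattern: allow only a short run of decimal digits, then force
# base 10 so a leading zero is not parsed as octal.
# Returns 0 = past, 1 = not past, 2 = input rejected.
safe_is_past() {
    local start_time="$1"
    local now=1000
    case $start_time in
        ''|*[!0-9]*) return 2 ;;         # empty or any non-digit
    esac
    [ "${#start_time}" -le 10 ] || return 2
    (( now > 10#$start_time ))
}

# Constructed inputs: a number, a variable name, an expression.
for input in 999 secret_limit '1+1'; do
    unsafe_is_past "$input"; u=$?
    safe_is_past "$input"; s=$?
    printf '%-14s unsafe=%s safe=%s\n' "$input" "$u" "$s"
done
```

The unsafe function returns 0 for `secret_limit` and `1+1` because Bash evaluated the caller's text as an expression; the hardened one rejects both with status 2 before any arithmetic happens.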


Affected Versions

Ivanti Endpoint Manager Mobile <= 12.5.0.0

Ivanti Endpoint Manager Mobile <= 12.5.1.0

Ivanti Endpoint Manager Mobile <= 12.6.0.0

Ivanti Endpoint Manager Mobile <= 12.6.1.0

Ivanti Endpoint Manager Mobile <= 12.7.0.0

Vulnerability Principle

The vulnerability stems from Apache HTTPd being configured with RewriteMap entries (mapAppStoreURL and mapAftStoreURL) that pass unfiltered URL parameters directly to the underlying Bash scripts. The trigger path is /mifs/c/appstore/fob/3/..., which requires no authentication. The configuration is as follows:


    RewriteRule ^/mifs/c/appstore/fob/3/([0-9]+)/sha256:(.*)/(.*)(.ipa)$ ${mapAppStoreURL:$2_$1_$3_$4_%{HTTP_HOST}_%{ENV:SCRIPT_URL}} [T=application/octet-stream,UnsafePrefixStat]


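By controlling the string that follows sha256:kid=..., an attacker can inject malicious commands into the Bash script's processing flow. The script path is /mi/bin/map-appstore-url, and its code is as follows:

[Image: 图片1.png]

Vulnerability Reproduction

Send the PoC in yakit to execute a ping dnslog command.

[Image: 图片2.png]

The dnslog verification is received, which means the ping dnslog command executed successfully.

[Image: 图片3.png]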


Security Recommendations

(1) Upgrade immediately

Ivanti has published an official security advisory for Ivanti Endpoint Manager Mobile; follow its guidance to remediate.

(2) Temporary mitigation

Apply the temporary RPM patch:

- For versions 12.5.0.x, 12.6.0.x and 12.7.0.x:

    install rpm url https://username:password@support.mobileiron.com/mi/vsp/AB1771634/ivanti-security-update-1761642-1.0.0S-5.noarch.rpm

- For versions 12.5.1.0 and 12.6.1.0:

    install rpm url https://username:password@support.mobileiron.com/mi/vsp/AB1771634/ivanti-security-update-1761642-1.0.0L-5.noarch.rpm

References:

[1] https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US&ref=labs.watchtowr.com


mansion88明升 Active Defense Lab (ADLab)

