Path Traversal Vulnerability in Ivanti Endpoint Manager Products
CVE-2024-13159

7.5 HIGH

Key Information:

Vendor: Ivanti
CVE Published: 14 January 2025

Badges

Trended | Score: 1,350 | Exploit Exists | Public PoC | EPSS 92% | CISA Reported | News Worthy

What is CVE-2024-13159?

CVE-2024-13159 is a significant vulnerability affecting Ivanti Endpoint Manager products, which are designed to streamline device management and enhance security across organizational networks. This particular flaw, categorized as an absolute path traversal vulnerability, allows remote unauthenticated attackers to access sensitive information. Such exploitation could lead to unauthorized data exposure, significantly jeopardizing the confidentiality of crucial organizational data and undermining overall cybersecurity measures.

Technical Details

The vulnerability resides in Ivanti Endpoint Manager prior to the January 2025 security update and in the 2022 SU6 January security update. It enables an attacker to manipulate the file paths used by the application, allowing them to access files and directories outside of the intended scope of the application. This exploitation can occur without requiring any authentication, making it particularly dangerous.

Potential Impact of CVE-2024-13159

  1. Data Leakage: The most immediate concern is the potential for sensitive data leakage. Unauthorized access to files can lead to exposure of confidential information, including personally identifiable information (PII), intellectual property, and other critical organizational assets.

  2. Regulatory Non-compliance: Organizations may face regulatory repercussions due to inadequate protection of sensitive data. Data breaches can result in fines and loss of customer trust, especially for businesses required to adhere to regulations like GDPR or HIPAA.

  3. Increased Attack Surface: The existence of this vulnerability expands the overall attack surface for organizations, increasing their susceptibility to further attacks. If attackers successfully exploit this flaw, they may pave the way for additional compromises within the network, potentially leading to extensive damage or disruption.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.

CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Endpoint Manager 2024 January-2025 Security Update

Endpoint Manager 2022 SU6 January-2025 Security Update

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

News Articles

PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159) - Help Net Security

A proof-of-concept (PoC) exploit for four critical Ivanti Endpoint Manager vulnerabilities has been released; patch if you haven't already.

EPSS Score

92% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • CISA Reported

  • Vulnerability started trending

  • First article discovered by Help Net Security

  • Public PoC available

  • Exploit known to exist

  • Vulnerability published