Path Traversal Vulnerability in Ivanti Endpoint Manager Products
CVE-2024-13159
Key Information:
- Vendor
- Ivanti
- Status
- Vendor
- CVE Published:
- 14 January 2025
Badges
What is CVE-2024-13159?
CVE-2024-13159 is a significant vulnerability affecting Ivanti Endpoint Manager products, which are designed to streamline device management and enhance security across organizational networks. This particular flaw, categorized as an absolute path traversal vulnerability, allows remote unauthenticated attackers to access sensitive information. Such exploitation could lead to unauthorized data exposure, significantly jeopardizing the confidentiality of crucial organizational data and undermining overall cybersecurity measures.
Technical Details
The vulnerability resides in Ivanti Endpoint Manager prior to the January 2025 security update and in the 2022 SU6 January security update. It enables an attacker to manipulate the file paths used by the application, allowing them to access files and directories outside of the intended scope of the application. This exploitation can occur without requiring any authentication, making it particularly dangerous.
Potential Impact of CVE-2024-13159
-
Data Leakage: The most immediate concern is the potential for sensitive data leakage. Unauthorized access to files can lead to exposure of confidential information, including personal identifiable information (PII), intellectual property, and other critical organizational assets.
-
Regulatory Non-compliance: Organizations may face regulatory repercussions due to inadequate protection of sensitive data. Data breaches can result in fines and loss of customer trust, especially for businesses required to adhere to regulations like GDPR or HIPAA.
-
Increased Attack Surface: The existence of this vulnerability enhances the overall attack surface for organizations, increasing their susceptibility to further attacks. If attackers successfully exploit this flaw, they may pave the way for additional compromises within the network, potentially leading to extensive damage or disruption.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Endpoint Manager 2024 January-2025 Security Update
Endpoint Manager 2024 January-2025 Security Update
Endpoint Manager 2022 SU6 January-2025 Security Update
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
Get notified when SecurityVulnerability.io launches alerting π
Well keep you posted π§
News Articles
PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159) - Help Net Security
A proof-of-concept (PoC) exploit for four critical Ivanti Endpoint Manager vulnerabilities has been released; patch if you haven't already.
References
EPSS Score
92% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- π¦
CISA Reported
- π
Vulnerability started trending
- π°
First article discovered by Help Net Security
- π‘
Public PoC available
- πΎ
Exploit known to exist
Vulnerability published