Unauthorized Network Isolation Vulnerability in Ivanti EPM Before 2022 SU6 and 2024 September Update
CVE-2024-8321

8.6HIGH

Key Information:

Vendor
Ivanti
Vendor
CVE Published:
10 September 2024

Summary

An authentication vulnerability exists in the Network Isolation feature of Ivanti Endpoint Manager. This flaw allows remote attackers to isolate managed devices from the network without proper authentication. Attackers can exploit this vulnerability on affected versions of Ivanti Endpoint Manager prior to the 2022 SU6 or the September 2024 update, leading to potential unauthorized network access and control over isolated devices.

Affected Version(s)

Endpoint Manager 2022 SU6

Endpoint Manager 2022 SU6

Endpoint Manager 2024 September Security Update

References

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

Collectors

NVD DatabaseMitre Database
.