Platform: ivanti
Component: ivanti-endpoint-manager
CVE-2024-13158 describes a remote code execution (RCE) vulnerability affecting Ivanti Endpoint Manager (EPM) versions before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update. This flaw allows a remote, authenticated attacker with administrative privileges to execute arbitrary code on the affected system. The vulnerability stems from an unbounded resource search path, making it relatively easy to exploit. Affected versions include those prior to the specified security update.
The impact of CVE-2024-13158 is significant due to the potential for remote code execution. A successful exploit allows an attacker with administrative access to completely compromise the affected Ivanti Endpoint Manager server. This could lead to data exfiltration, system takeover, and the deployment of malware. Given Ivanti EPM's role in managing endpoints, attackers could leverage this vulnerability to gain a foothold within an organization's network and move laterally to other systems. The ability to execute arbitrary code effectively grants the attacker complete control over the compromised server and potentially the entire network it manages. This vulnerability shares similarities with other resource exhaustion vulnerabilities that have led to full system compromise.
CVE-2024-13158 was publicly disclosed on January 14, 2025. The vulnerability's ease of exploitation and the critical nature of Ivanti Endpoint Manager suggest a medium probability of exploitation (EPSS score likely medium). No proof-of-concept (PoC) code has been publicly released at the time of writing, but the vulnerability's nature makes it likely that one will emerge. Monitor security advisories and threat intelligence feeds for updates.
Organizations heavily reliant on Ivanti Endpoint Manager for endpoint management are at significant risk. This includes enterprises with complex endpoint deployments, those using legacy configurations of Ivanti Endpoint Manager, and organizations that have not consistently applied security updates. Shared hosting environments utilizing Ivanti Endpoint Manager are also particularly vulnerable due to the potential for cross-tenant exploitation.
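• windows / supply-chain:

```powershell
# Application-log events with ID 1001 from the EPM provider that mention a resource search
Get-WinEvent -FilterHashtable @{LogName='Application'; ProviderName='Ivanti Endpoint Manager'; Id=1001} | Where-Object {$_.Message -match 'resource search'}
```

• windows / supply-chain:

```powershell
# Scheduled tasks whose name references Ivanti Endpoint Manager
Get-ScheduledTask | Where-Object {$_.TaskName -match 'Ivanti Endpoint Manager'}
```

• windows / supply-chain:

```powershell
# Configured search path value under the EPM registry key
reg query "HKLM\SOFTWARE\Ivanti\Endpoint Manager" /v SearchPath
```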
EPSS: 21.47% (96th percentile)
The primary mitigation for CVE-2024-13158 is to upgrade Ivanti Endpoint Manager to the 2024 January-2025 Security Update or 2022 SU6 January-2025 Security Update. If immediate patching is not possible, consider restricting administrative access to the EPM server and implementing stricter authentication controls. While not a complete solution, a Web Application Firewall (WAF) configured to block requests containing potentially malicious resource paths might offer limited protection. Monitor EPM logs for unusual activity, particularly requests involving file system access. After upgrading, confirm the vulnerability is resolved by attempting to reproduce the exploit scenario and verifying that it fails.
Apply the January 2025 security updates for Ivanti EPM 2024 and EPM 2022 SU6. These updates fix the unbounded resource search path vulnerability and prevent possible remote code execution.
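As a hardening check to run alongside patching, the following added example (not Ivanti code and not from the original page) lists search-path directories that principals other than SYSTEM, Administrators, TrustedInstaller, or CREATOR OWNER can write to, plus entries that are relative or missing. `Test-SearchPathAcl` is a hypothetical helper name. Treating weakly protected search-path directories as the relevant exposure is an assumption about this weakness class, since the page gives no internals, and the script reads the `SearchPath` registry value from the detection commands above, falling back to the machine `PATH` when it is absent.

```powershell
# Added example (not Ivanti code). Test-SearchPathAcl is a hypothetical helper name.
function Test-SearchPathAcl {
    param([Parameter(Mandatory)][string]$PathList)

    # SIDs expected to hold write access: SYSTEM, Administrators, CREATOR OWNER, TrustedInstaller
    $trusted = @(
        'S-1-5-18', 'S-1-5-32-544', 'S-1-3-0',
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
    )
    # CreateFiles (0x2), AppendData/CreateDirectories (0x4), GENERIC_ALL, GENERIC_WRITE
    $writeBits = 0x2 -bor 0x4 -bor 0x10000000 -bor 0x40000000
    $sidType = [System.Security.Principal.SecurityIdentifier]

    foreach ($entry in ($PathList -split ';')) {
        $dir = [Environment]::ExpandEnvironmentVariables($entry.Trim().Trim('"'))
        if (-not $dir) { continue }   # skip empty entries from ';;' or a trailing ';'
        if (-not [System.IO.Path]::IsPathRooted($dir)) {
            # Relative entries resolve against the process working directory
            [pscustomobject]@{ Directory = $dir; Finding = 'relative entry'; Principal = $null }
            continue
        }
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            # A missing directory can be created by whoever can write to its parent
            [pscustomobject]@{ Directory = $dir; Finding = 'directory missing'; Principal = $null }
            continue
        }
        # Ask for SIDs rather than account names so the comparison is locale-independent
        $rules = (Get-Acl -LiteralPath $dir).GetAccessRules($true, $true, $sidType)
        foreach ($ace in $rules) {
            $isAllow = $ace.AccessControlType -eq 'Allow'
            $canWrite = ([int]$ace.FileSystemRights -band $writeBits) -ne 0
            if ($isAllow -and $canWrite -and $ace.IdentityReference.Value -notin $trusted) {
                $name = $ace.IdentityReference.Value
                try { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value } catch { }
                [pscustomobject]@{ Directory = $dir; Finding = 'writable by non-admin'; Principal = $name }
            }
        }
    }
}

# Prefer the SearchPath value the page queries; fall back to the machine PATH
$key = 'HKLM:\SOFTWARE\Ivanti\Endpoint Manager'
$list = (Get-ItemProperty -Path $key -Name SearchPath -ErrorAction SilentlyContinue).SearchPath
if (-not $list) { $list = [Environment]::GetEnvironmentVariable('Path', 'Machine') }
Test-SearchPathAcl -PathList $list | Format-Table -AutoSize
```

Run it from an elevated session on the EPM server; an empty result means no flagged entries, not that the update has been applied.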
CVE-2024-13158 is a remote code execution vulnerability in Ivanti Endpoint Manager, allowing authenticated admins to execute code via an unbounded resource search path.
You are affected if you are running Ivanti Endpoint Manager versions prior to the 2024 January-2025 Security Update or 2022 SU6 January-2025 Security Update.
Upgrade to the 2024 January-2025 Security Update or later to resolve the vulnerability. Consider restricting admin access as a temporary workaround.
While no public exploits are currently available, the vulnerability's severity and potential impact suggest a high probability of exploitation.
Refer to the official Ivanti security advisory for detailed information and remediation steps: [https://www.ivanti.com/support/security-advisories/](https://www.ivanti.com/support/security-advisories/)