Platform: ivanti
Component: ivanti-endpoint-manager
CVE-2024-13158 describes a remote code execution (RCE) vulnerability within Ivanti Endpoint Manager. This flaw stems from an unbounded resource search path, allowing a malicious, authenticated administrator to execute arbitrary code on the affected system. The vulnerability impacts versions of Ivanti Endpoint Manager prior to the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update. Applying the designated security update is the primary remediation.
Successful exploitation of CVE-2024-13158 grants an attacker complete control over the compromised Ivanti Endpoint Manager server. Given the role of Ivanti Endpoint Manager in managing endpoints, this could lead to widespread compromise across the organization. An attacker could deploy malware, steal sensitive data, or establish a persistent foothold within the network. The ability to execute code remotely, combined with administrative privileges, significantly expands the potential blast radius. This vulnerability shares similarities with other resource exhaustion vulnerabilities where attackers can leverage flawed search paths to gain unauthorized access and control.
CVE-2024-13158 was publicly disclosed on January 14, 2025. Its inclusion in the CISA KEV catalog is pending. Public proof-of-concept (PoC) code is not currently available, but the vulnerability's nature and potential impact suggest a high probability of exploitation. Active campaigns targeting Ivanti products have been observed in the past, increasing the likelihood of this vulnerability being targeted.
Exploit Status
EPSS: 21.47% (96th percentile)
The primary mitigation for CVE-2024-13158 is to upgrade to the 2024 January-2025 Security Update or later. If immediate patching is not feasible, consider restricting administrative access to the Ivanti Endpoint Manager server. Implement strict network segmentation to limit lateral movement if the server is compromised. While a WAF might not directly prevent this vulnerability, it can help detect and block suspicious requests. Monitor Ivanti Endpoint Manager logs for unusual activity, particularly related to resource searches. After upgrading, verify the fix by attempting to reproduce the vulnerability using the documented attack vector and confirming that the search path is now properly bounded.
Apply the January 2025 security updates for Ivanti EPM 2024 and EPM 2022 SU6. These updates fix the unbounded resource search path vulnerability and prevent possible remote code execution.
CVE-2024-13158 is a remote code execution vulnerability in Ivanti Endpoint Manager, allowing authenticated admins to execute code via an unbounded resource search path.
You are affected if you are running Ivanti Endpoint Manager versions prior to the 2024 January-2025 Security Update or 2022 SU6 January-2025 Security Update.
Upgrade to the 2024 January-2025 Security Update or later to resolve the vulnerability. Consider restricting admin access as a temporary workaround.
While no public exploits are currently available, the vulnerability's severity and potential impact suggest a high probability of exploitation.
Refer to the official Ivanti security advisory for detailed information and remediation steps: [https://www.ivanti.com/support/security-advisories/](https://www.ivanti.com/support/security-advisories/)