Platform: windows
Component: ivanti-endpoint-manager
Fixed in: 2024 November Security Update
CVE-2024-50322 is a path traversal vulnerability in Ivanti Endpoint Manager. It allows a local, unauthenticated attacker to achieve arbitrary code execution on the affected host; user interaction is required to trigger it. The flaw affects Ivanti Endpoint Manager builds prior to the 2024 November Security Update and the 2022 SU6 November Security Update. A patch is available from Ivanti.
The impact of this vulnerability is significant due to the potential for code execution. An attacker with local access to a system running vulnerable Ivanti Endpoint Manager can exploit this flaw to gain complete control over the endpoint. This could involve installing malware, stealing sensitive data, or pivoting to other systems on the network. The requirement for user interaction means that attackers may need to trick users into clicking malicious links or opening compromised files, but the potential for widespread compromise remains high. Given Endpoint Manager's role in managing and deploying software, a successful exploit could allow attackers to inject malicious code into updates or installations, affecting a large number of endpoints.
CVE-2024-50322 was publicly disclosed on November 12, 2024. Its exploitation probability is rated medium because the attacker needs local access and a user action. No public proof-of-concept exploit is currently known; however, because no privileges are required on the host, exploitation could become routine once a PoC appears. It is not currently listed in the CISA KEV catalog.
Exploit Status
EPSS: 14.37% (94th percentile)
The primary mitigation for CVE-2024-50322 is to upgrade to the 2024 November Security Update or the 2022 SU6 November Security Update. If immediate patching is not possible, restrict interactive and local access to hosts running the affected Endpoint Manager components and reinforce user awareness training, since the exploit depends on a user action. Ivanti has published no workaround; monitoring for unusual file access patterns (in particular paths containing traversal sequences that resolve outside the component's expected directories) and for unexpected child processes can help detect exploitation attempts. After upgrading, confirm remediation by checking that the installed build corresponds to the November 2024 update (or 2022 SU6 November Security Update) rather than by trying to trigger the traversal yourself: no public proof of concept exists, and an improvised test can damage the host.
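The following is an added example, not Ivanti code and not derived from the actual vulnerable code path, which the advisory does not describe. It shows the generic check a file-serving component should apply under Windows path rules (resolve the requested path against a base directory, then refuse anything that escapes it, including `..` segments, forward slashes, absolute or drive-relative paths and percent-encoded separators) and reuses that same check to flag traversal attempts in a constructed access log, as the monitoring advice above suggests. The base directory, log format, hostnames, users and paths are all assumptions made for illustration.

```python
"""Detect path-traversal attempts against a base directory and in constructed access-log lines.

Added illustrative example (not Ivanti code). Uses ntpath so Windows path
semantics are applied regardless of the platform the script runs on.
"""
import ntpath
import re
from typing import Optional
from urllib.parse import unquote

# Assumed base directory for the constructed log; not a real Ivanti path.
BASE_DIR = r"C:\ProgramData\Example\share"

# Matches key=value tokens; the log format itself is constructed for this example.
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def _decode(path: str, rounds: int = 3) -> str:
    """Undo up to `rounds` layers of percent-encoding (%2e%2e%5c -> ..\\)."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def resolve_under_base(base_dir: str, requested: str) -> Optional[str]:
    """Return the canonical path if `requested` stays inside base_dir, else None.

    base_dir must be absolute. ntpath.join yields the absolute or drive-relative
    request unchanged, normpath collapses '..' and converts '/' to '\\', and the
    comparison uses normcase plus a trailing separator so 'share2' cannot match
    a base of 'share'.
    """
    base = ntpath.normcase(ntpath.normpath(base_dir))
    candidate = ntpath.normpath(ntpath.join(base_dir, _decode(requested)))
    cand_cmp = ntpath.normcase(candidate)
    if cand_cmp == base or cand_cmp.startswith(base + ntpath.sep):
        return candidate
    return None


def parse_line(line: str) -> dict:
    """Parse one constructed 'key=value' access-log line into a dict."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def scan_log(lines: list, base_dir: str = BASE_DIR) -> list:
    """Return the parsed entries whose requested path escapes base_dir."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        path = entry.get("path")
        if path and resolve_under_base(base_dir, path) is None:
            hits.append(entry)
    return hits


# Constructed sample log: hosts, users and paths are invented for illustration.
SAMPLE_LOG = [
    'ts=2024-11-12T10:02:13Z host=EPM01 user=alice op=read path=reports\\q3.pdf',
    'ts=2024-11-12T10:02:14Z host=EPM01 user=alice op=read path=..\\..\\..\\Windows\\System32\\evil.dll',
    'ts=2024-11-12T10:02:15Z host=EPM01 user=bob op=write path="%2e%2e%5c%2e%2e%5cWindows%5cTemp%5cpayload.exe"',
    'ts=2024-11-12T10:02:16Z host=EPM01 user=bob op=read path=sub/../notes.txt',
    'ts=2024-11-12T10:02:17Z host=EPM01 user=carol op=read path=C:\\Windows\\win.ini',
    'ts=2024-11-12T10:02:18Z host=EPM01 user=carol op=read path=\\Windows\\win.ini',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"TRAVERSAL {hit['ts']} user={hit['user']} op={hit['op']} path={hit['path']}")
```

Of the six constructed entries, four are flagged: the `..\..\..` escape, the percent-encoded escape, the absolute `C:\Windows` path and the drive-relative `\Windows` path. `sub/../notes.txt` is allowed because it resolves back inside the base directory, which is the behaviour a file server should accept rather than rejecting every string containing `..`.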
Update Ivanti Endpoint Manager to the 2024 November Security Update or the 2022 SU6 November Security Update to fix the path traversal vulnerability. This update resolves the issue that allows code execution by a local, unauthenticated attacker. User interaction is required to exploit the vulnerability.
CVE-2024-50322 is a path traversal vulnerability in Ivanti Endpoint Manager that allows a local, unauthenticated attacker to execute code once a user performs the required interaction. It has a CVSS score of 7.8 (HIGH).
You are affected if you are running Ivanti Endpoint Manager versions prior to the 2024 November Security Update or 2022 SU6 November Security Update. Check your version against the fixed versions.
Upgrade to the 2024 November Security Update or 2022 SU6 November Security Update. If immediate patching isn't possible, restrict local access and enhance user awareness.
No public exploit is currently known, but because the flaw requires no privileges on the host it remains an attractive target. Monitor affected systems for suspicious file access and process activity.
Refer to the official Ivanti Security Advisory for detailed information and remediation steps: [https://www.ivanti.com/support/security-advisories/](https://www.ivanti.com/support/security-advisories/)