PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159)

A proof-of-concept (PoC) exploit for four critical Ivanti Endpoint Manager vulnerabilities has been released by Horizon3.ai researchers.

The vulnerabilities – CVE-2024-10811, CVE-2024-13161, CVE-2024-13160 and CVE-2024-13159 – may be exploited by remote, unauthenticated attackers to leverage Ivanti EPM machine account credentials for relay attacks and, ultimately, to compromise the Ivanti EPM server.

“Compromising the Endpoint Manager server itself would lead to the ability to compromise all of the EPM clients, making this avenue especially impactful,” Horizon3.ai researcher Zach Hanley explained last week, though he also noted that the impact of the exploitation would depend on the targeted environment.

The vulnerabilities

CVE-2024-10811, CVE-2024-13161, CVE-2024-13160 and CVE-2024-13159 are all path traversal flaws that could lead to the leaking of sensitive information. Hanley disclosed them to Ivanti in October 2024.

Fixes for these and a dozen other less severe vulnerabilities were released by Ivanti in January 2025, and customers were urged to implement hot patches.

At the time, Ivanti confirmed that none of the flaws were under active exploitation, and that hasn’t changed.

But with the release of the PoC and the technical write-up, some attackers may have enough information and knowledge to fashion and leverage an exploit of their own.

Attackers have targeted vulnerable Ivanti Endpoint Manager appliances in the past, as well as other Ivanti enterprise solutions.

If you haven’t already upgraded to one of the fixed versions – EPM 2024 January-2025 Security Update or EPM 2022 SU6 January-2025 Security Update – you should do so now. In fact, even those who implemented an initial hotfix should update again, because that patch crippled a specific function of the software.


from Help Net Security https://ift.tt/FpgjwWi
