CVE-2024-13172

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 14, 2025

CWE ID 347

Summary

CVE-2024-13172 is a newly disclosed vulnerability affecting Ivanti Endpoint Manager (EPM) versions prior to the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update. An attacker can exploit this flaw through improper signature verification, leading to remote code execution. Notably, this vulnerability permits an unauthenticated attack to succeed, but it demands local user interaction to be effective. Organizations running impacted Ivanti EPM versions are strongly urged to apply the security updates to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2P2v5t
https://www.cve.org/CVERecord?id=CVE-2024-13172
https://nvd.nist.gov/vuln/detail/CVE-2024-13172

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners

CVE-2024-13172

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations