CVE-2024-10811
Published: 14 January 2025
Description
By responding to LLMNR/NBT-NS/mDNS network traffic, adversaries may spoof an authoritative source for name resolution to force communication with an adversary controlled system.
Security Summary
CVE-2024-10811 is an absolute path traversal vulnerability (CWE-22, CWE-36) affecting Ivanti Endpoint Manager (EPM) versions prior to the 2024 January-2025 Security Update and the 2022 SU6 January-2025 Security Update. Published on January 14, 2025, the flaw carries a CVSS v3.1 base score of 9.8 (Critical), with vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating network-accessible exploitation with low complexity, no privileges or user interaction required.
A remote unauthenticated attacker can exploit this vulnerability to leak sensitive information from affected Ivanti EPM instances. The high confidentiality impact aligns with the path traversal nature, while the elevated integrity and availability scores reflect potential broader disruption.
Ivanti's security advisory recommends applying the January-2025 Security Updates for EPM 2024 and EPM 2022 SU6 to mitigate the issue. Further technical details on related vulnerabilities, including credential coercion, are documented in Horizon3.ai's attack research blog.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Absolute path traversal vulnerability allows unauthenticated remote attackers to supply UNC paths, coercing the Ivanti EPM server machine account to authenticate via SMB to attacker-controlled shares, enabling NTLM credential capture and relay attacks.