CVE-2024-13160
Published: 14 January 2025
Description
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Security Summary
CVE-2024-13160 is an absolute path traversal vulnerability (CWE-36) in Ivanti Endpoint Manager (EPM) versions prior to the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update. Published on January 14, 2025, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with high impacts on confidentiality, integrity, and availability.
A remote unauthenticated attacker can exploit this vulnerability over the network with low attack complexity and no user interaction or privileges required. Successful exploitation enables the attacker to leak sensitive information from the affected EPM instances.
Ivanti's January 2025 Security Advisory provides patches for EPM 2024 and EPM 2022 SU6 to mitigate this issue, and administrators should apply these updates immediately. The vulnerability is listed in the CISA Known Exploited Vulnerabilities Catalog, underscoring the need for urgent remediation.
This CVE has seen real-world exploitation, as evidenced by its CISA KEV inclusion. Additional research from Horizon3.ai discusses related credential coercion vulnerabilities in Ivanti EPM, highlighting broader risks in the product family.
Details
- CWE(s)
- KEV Date Added
- 10 March 2025
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE-2024-13160 enables unauthenticated attackers to perform path traversal to remote UNC paths, coercing server machine account authentication for NTLM relay (T1187: Forced Authentication) and exploiting the remote service (T1210: Exploitation of Remote Services).