CVE-2024-13171

CVE-2024-13171 is an insufficient filename validation vulnerability affecting Ivanti Endpoint Manager (EPM) versions prior to the January 2025 Security Update for EPM 2024 and the 2022 SU6 January 2025 Security Update. This flaw, classified under CWE-434 (Unrestricted Upload of File with Dangerous Type), enables a remote unauthenticated attacker to achieve remote code execution on the targeted system. The vulnerability stems from inadequate checks on filenames, allowing malicious files to bypass intended restrictions.

Exploitation requires local user interaction, as indicated by the CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). A remote unauthenticated attacker can leverage this issue by tricking a local user into interacting with a specially crafted file, leading to arbitrary code execution with high confidentiality, integrity, and availability impacts. The low attack complexity and lack of required privileges make it feasible for attackers with network access to deliver payloads that prompt user action.

Ivanti's security advisory for EPM January 2025, available at https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6, details the patch releases addressing this vulnerability. Security practitioners should apply the specified January 2025 Security Updates for EPM 2024 and EPM 2022 SU6 to mitigate the risk of exploitation.