CVE-2024-13172

CVE-2024-13172 is an improper signature verification vulnerability (CWE-347) in Ivanti Endpoint Manager (EPM) versions prior to the January 2025 Security Update for EPM 2024 and the January 2025 Security Update for EPM 2022 SU6. This flaw enables a remote unauthenticated attacker to achieve remote code execution on affected systems, though it requires local user interaction. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high impact on confidentiality, integrity, and availability with low attack complexity but local access vector and user interaction prerequisites.

Exploitation requires a remote unauthenticated attacker to deliver a malicious payload that exploits the signature verification bypass, combined with local user interaction such as opening or executing a crafted file or component. No privileges are needed (PR:N), allowing an attacker to gain code execution on the target endpoint once the interaction occurs, potentially leading to full system compromise.

Ivanti's security advisory details mitigation through deployment of the January 2025 Security Updates for the affected EPM 2024 and EPM 2022 SU6 versions. Practitioners should consult the official advisory at https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6 for patch instructions, verification steps, and additional guidance on securing endpoints.