PT-2024-34142 · Ivanti · Ivanti Endpoint Manager

Published

2024-11-12

Updated

2024-11-18

CVE-2024-50329

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager versions prior to 2024 November Security Update Ivanti Endpoint Manager versions prior to 2022 SU6 November Security Update

Description: The issue allows a remote unauthenticated attacker to achieve remote code execution through path traversal. User interaction is required for exploitation.

Recommendations: For versions prior to 2024 November Security Update, update to the 2024 November Security Update or later. For versions prior to 2022 SU6 November Security Update, update to the 2022 SU6 November Security Update or later.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2024-50329

ZDI-24-1509

Affected Products

Ivanti Endpoint Manager

PT-2024-34142 · Ivanti · Ivanti Endpoint Manager

CVE-2024-50329

Weakness Enumeration

Related Identifiers

Affected Products

References · 10