PT-2024-6214 · Ivanti · Ivanti Epm
Published
2024-09-10
·
Updated
2024-09-12
·
CVE-2024-8441
CVSS v2.0
6.8
Medium
| Vector | AV:L/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Ivanti EPM versions prior to 2022 SU6
Ivanti EPM versions prior to the 2024 September update
Description
The issue is related to an uncontrolled search path in the agent of Ivanti EPM. This can be exploited by a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.
Recommendations
For Ivanti EPM versions prior to 2022 SU6, update to version 2022 SU6 or later to resolve the issue.
For Ivanti EPM versions prior to the 2024 September update, apply the 2024 September update or later to fix the problem.
Fix
Uncontrolled Search Path Element
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ivanti Epm