PT-2024-6215 · Ivanti · Ivanti Epm
Published
2024-08-29
·
Updated
2024-09-12
·
CVE-2024-8321
CVSS v3.1
8.6
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Ivanti EPM versions prior to 2022 SU6
Ivanti EPM versions prior to the 2024 September update
Description
The issue is related to missing authentication in the Network Isolation feature of Ivanti EPM, allowing a remote unauthenticated attacker to isolate managed devices from the network. This can lead to a denial of service.
Recommendations
For versions prior to 2022 SU6, update to 2022 SU6 or later to resolve the issue.
For versions prior to the 2024 September update, apply the 2024 September update to fix the problem.
As a temporary workaround, consider restricting access to the Network Isolation feature until a patch is available.
Fix
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ivanti Epm