CVE-2024-44107

Name of the Vulnerable Software and Affected Versions: Ivanti Workspace Control versions 10.18.0.0 and below

Description: The issue is related to an uncontrolled search path element in the Ivanti Workspace Control software, which can be exploited to allow an attacker to escalate their privileges and execute arbitrary code. This can be achieved through DLL hijacking in the management console. A local authenticated attacker can exploit this issue.

Recommendations: For Ivanti Workspace Control versions 10.18.0.0 and below, consider disabling the management console until a patch is available to prevent local attackers from escalating their privileges and executing arbitrary code. Restrict access to the management console to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.