PT-2025-1124 · Ivanti · Ivanti Epm
Published
2025-01-13
·
Updated
2025-01-19
·
CVE-2024-13169
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Ivanti EPM versions prior to 2024 January-2025 Security Update
Ivanti EPM versions prior to 2022 SU6 January-2025 Security Update
Description
The issue is related to an out-of-bounds read in Ivanti EPM, which allows a local authenticated attacker to escalate their privileges. This can be exploited by a local attacker to gain higher privileges.
Recommendations
For versions prior to 2024 January-2025 Security Update, apply the 2024 January-2025 Security Update to resolve the issue.
For versions prior to 2022 SU6 January-2025 Security Update, apply the 2022 SU6 January-2025 Security Update to resolve the issue.
As a temporary workaround, consider restricting access to sensitive areas of the system to minimize the risk of exploitation.
Fix
Out of bounds Read
Type Confusion
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Ivanti Epm