PT-2025-1125 · Ivanti · Ivanti Epm

Published

2025-01-13

Updated

2025-03-10

CVE-2024-13171

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ivanti EPM versions before 2024 January-2025 Security Update Ivanti EPM versions before 2022 SU6 January-2025 Security Update

Description The issue is related to insufficient filename validation, which can allow a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required for exploitation.

Recommendations For Ivanti EPM versions before 2024 January-2025 Security Update, apply the 2024 January-2025 Security Update. For Ivanti EPM versions before 2022 SU6 January-2025 Security Update, apply the 2022 SU6 January-2025 Security Update. As a temporary workaround, consider restricting access to the file upload functionality until the issue is resolved.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

BDU:2025-00397

CVE-2024-13171

ZDI-25-114

Affected Products

Ivanti Epm

PT-2025-1125 · Ivanti · Ivanti Epm

CVE-2024-13171

Weakness Enumeration

Related Identifiers

Affected Products

References · 6