PT-2025-1133 · Ivanti · Ivanti Epm
Published
2025-01-13
·
Updated
2025-01-19
·
CVE-2024-13170
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Ivanti EPM versions prior to 2024 January-2025 Security Update
Ivanti EPM versions prior to 2022 SU6 January-2025 Security Update
Description
The issue is related to an out-of-bounds write in memory, which can be exploited by a remote unauthenticated attacker to cause a denial of service. This can lead to a disruption in service, potentially affecting the availability of the system.
Recommendations
For versions prior to 2024 January-2025 Security Update, apply the 2024 January-2025 Security Update to resolve the issue.
For versions prior to 2022 SU6 January-2025 Security Update, apply the 2022 SU6 January-2025 Security Update to resolve the issue.
As a temporary workaround, consider restricting access to the AlertService to minimize the risk of exploitation.
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ivanti Epm