AI description
CVE-2024-13159 is a credential coercion vulnerability found in Ivanti Endpoint Manager (EPM). It exists within the `GetHashForWildcardRecursive()` method of the `VulCore` class, located in the `WSVulnerabilityCore.dll` file. This method improperly validates user-supplied input, specifically the "wildcard" parameter. This oversight allows attackers to manipulate the wildcard parameter to construct a remote UNC path. Consequently, the EPM server is tricked into reading files from an attacker-specified directory. This vulnerability, along with three others (CVE-2024-10811, CVE-2024-13160, and CVE-2024-13161), can be exploited by unauthenticated attackers to potentially compromise the EPM server. Proof-of-concept exploit code has been publicly released, increasing the risk of attacks. These vulnerabilities were patched by Ivanti in January 2025. Users of affected EPM versions are strongly encouraged to apply the necessary updates.
- Description: Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
- Source: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- Source: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
- CWE: CWE-36 (Absolute Path Traversal)
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 5
https://t.co/ZYzEf3Pq9G has unveiled four critical vulnerabilities in Ivanti EPM (CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, CVE-2024-13159) with a CVSS score of 9.8. Major risk for server security 🌐💻 #Ivanti #Vulnerability #USA link: https://t.co/aXrPlEvX1n https://t.co/
@TweetThreatNews, 20 Feb 2025 (46 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes)
🛑 UPDATE: Researchers reveal tech details on credential coercion vulnerabilities (CVE-2024-13159-13161, 10811) in Ivanti EPM. Attackers could compromise servers via relay attacks. ⚡ Patch urgently if you haven’t done so already—PoC exploit now in the wild.… https://t.co/tRi7T5J
@TheHackersNews, 20 Feb 2025 (14077 impressions, 46 retweets, 102 likes, 16 bookmarks, 4 replies, 0 quotes)
Critical Path Traversal Vulnerabilities (CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159) in Ivanti Endpoint Manager https://t.co/gQZPuZDaBu
@WhalersLtd, 19 Jan 2025 (1 impression, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes)
CVE-2024-13159 Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker … https://t.co/3qzlh1IsqY
@CVEnew, 18 Jan 2025 (283 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes)
🚨 Multiple critical security flaws in Ivanti Endpoint Manager: - CVE-2024-10811 - CVE-2024-13161 - CVE-2024-13160 - CVE-2024-13159 The vulnerability is actively exploited in the wild and has been integrated into Patrowl. Our customers' assets are protected. 🦉 #InfoSec https://t
@Patrowl_io, 17 Jan 2025 (33 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes)
#Ivanti: Researcher Uncovers Critical Vulnerabilities in Multiple Versions of Ivanti Endpoint Manager (#EPM) and Ivanti Avalanche Application Control Engine. CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, CVE-2024-13159 have been patched - update! 👇 https://t.co/QH98ZOYgYO
@securestep9, 16 Jan 2025 (66 impressions, 0 retweets, 0 likes, 1 bookmark, 0 replies, 0 quotes)