CVE-2024-13159

Published Jan 14, 2025

Last updated 19 days ago

Exploit knownCVSS critical 9.8

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2024-13159 is a credential coercion vulnerability found in Ivanti Endpoint Manager (EPM). It exists within the `GetHashForWildcardRecursive()` method of the `VulCore` class, located in the `WSVulnerabilityCore.dll` file. This method improperly validates user-supplied input, specifically the "wildcard" parameter. This oversight allows attackers to manipulate the wildcard parameter to construct a remote UNC path. Consequently, the EPM server is tricked into reading files from an attacker-specified directory. This vulnerability, along with three others (CVE-2024-10811, CVE-2024-13160, and CVE-2024-13161), can be exploited by unauthenticated attackers to potentially compromise the EPM server. Proof-of-concept exploit code has been publicly released, increasing the risk of attacks. These vulnerabilities were patched by Ivanti in January 2025. Users of affected EPM versions are strongly encouraged to apply the necessary updates.

Description
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
Source
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability
Exploit added on
Mar 10, 2025
Exploit action due
Mar 31, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

3c1d8aa1-5a33-4ea4-8992-aadd6440af75
CWE-36

Social media

Hype score
Not currently trending

  1. CISA Warns of Active Ivanti EPM Exploits – Patch Now! CISA flags three critical Ivanti Endpoint Manager (EPM) flaws as actively exploited (CVE-2024-13159, CVE-2024-13160, CVE-2024-13161), urging agencies to secure systems by March 31. Ivanti, used by 40,000 companies, has been a

    @dCypherIO

    12 Mar 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CISA alerted U.S. federal agencies to secure networks against three critical Ivanti Endpoint Manager vulnerabilities (CVE-2024-13159, CVE-2024-13160, CVE-2024-13161) allowing remote attacks. Horizon3. ai reported these flaws, and Ivanti patched them in January. #Security #CISA h

    @Strivehawk

    11 Mar 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. 🔴 #CISA adds three #IvantiEPM vulnerabilities to its #KEV catalog. The flaws allow unauthenticated access to sensitive files, risking system compromise: CVE-2024-13159, CVE-2024-13160, CVE-2024-13161. Due date: March 31, 2025. Patch now! 🔗 Stay alert: https://t.co/NT7oUGvF1Z

    @socradar

    11 Mar 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. KEV追加 •CVE-2025-25181 •CVE-2024-57968 •CVE-2024-13159 •CVE-2024-13160 •CVE-2024-13161

    @Deer0nSecurity

    10 Mar 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. ⚠️ CISA agregó tres vulnerabilidades de Ivanti Endpoint Manager (EPM), CVE-2024-13159, CVE-2024-13160 y CVE-2024-13161, a su catálogo de vulnerabilidades explotadas conocidas (KEV). Estas fallas permiten filtrar información confidencial de los sistemas. 🧉 https://t.co/y0ogZNZYF

    @MarquisioX

    10 Mar 2025

    76 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-13159 #Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability https://t.co/JfzbmP3Jq7

    @ScyScan

    10 Mar 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨 ALERTĂ – Vulnerabilități critice în Ivanti 👀 🔓 Ivanti Connect Secure, Policy Secure și Endpoint Manager sunt afectate de vulnerabilități grave (CVE-2024-38657, CVE-2024-13159 și CVE-2025-22467), ce permit acces neautorizat, modificare de fișiere și execuție de cod malițios.

    @DNSC_RO

    3 Mar 2025

    132 Impressions

    3 Retweets

    1 Like

    2 Bookmarks

    1 Reply

    0 Quotes

  8. PoC Released: CVE-2024-13159 (CVSS 9.8) in Ivanti EPM Poses Severe Security Threat https://t.co/HSLuL2lRfY POC released

    @samilaiho

    25 Feb 2025

    509 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  9. PoC Released: CVE-2024-13159 (CVSS 9.8) in Ivanti EPM Poses Severe Security Threat https://t.co/lPSxjmzvkv

    @Dinosn

    25 Feb 2025

    2160 Impressions

    7 Retweets

    24 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

  10. 🛑 UPDATE: Researchers reveal tech details on credential coercion vulnerabilities (CVE-2024-13159-13161, 10811) in Ivanti EPM. Attackers could compromise servers via relay attacks. ⚡ Patch urgently if you haven’t done so already—PoC exploit now in the wild. https://t.co/YkjMNA3z

    @achi_tech

    24 Feb 2025

    56 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 🗣 PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159) https://t.co/NOiqusBR46

    @fridaysecurity

    24 Feb 2025

    3 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  12. https://t.co/ZYzEf3Pq9G has unveiled four critical vulnerabilities in Ivanti EPM (CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, CVE-2024-13159) with a CVSS score of 9.8. Major risk for server security 🌐💻 #Ivanti #Vulnerability #USA link: https://t.co/aXrPlEvX1n https://t.co/

    @TweetThreatNews

    20 Feb 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. 🛑 UPDATE: Researchers reveal tech details on credential coercion vulnerabilities (CVE-2024-13159-13161, 10811) in Ivanti EPM. Attackers could compromise servers via relay attacks. ⚡ Patch urgently if you haven’t done so already—PoC exploit now in the wild.… https://t.co/tRi7T5J

    @TheHackersNews

    20 Feb 2025

    14077 Impressions

    46 Retweets

    102 Likes

    16 Bookmarks

    4 Replies

    0 Quotes

  14. Critical Path Traversal Vulnerabilities (CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159) in Ivanti Endpoint Manager https://t.co/gQZPuZDaBu

    @WhalersLtd

    19 Jan 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. CVE-2024-13159 Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker … https://t.co/3qzlh1IsqY

    @CVEnew

    18 Jan 2025

    283 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. 🚨 Multiples critical security flaws in Ivanti Endpoint Manager: - CVE-2024-10811 - CVE-2024-13161 - CVE-2024-13160 - CVE-2024-13159 The vulnerability is actively exploited in the wild and has been integrated into Patrowl. Our customers assets are protected. 🦉 #InfoSec https://t

    @Patrowl_io

    17 Jan 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. #Ivanti: Researcher Uncovers Critical Vulnerabilities in Multiple Versions of Ivanti Endpoint Manager (#EPM) and Ivanti Avalanche Application Control Engine. CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, CVE-2024-13159 have been patched - update! 👇 https://t.co/QH98ZOYgYO

    @securestep9

    16 Jan 2025

    66 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

Configurations

References