PoC Exploit Published for Critical Ivanti EPM Vulnerabilities

Summary: Horizon3.ai has disclosed four critical vulnerabilities in Ivanti Endpoint Manager (EPM), which could be exploited by unauthenticated attackers to execute relay attacks using EPM machine account credentials. The flaws, tracked as CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159, were patched in a January 2025 security update following their discovery in October 2024. These vulnerabilities pose significant risks, potentially leading to server compromise and affecting all connected EPM clients.

Affected: Ivanti Endpoint Manager (EPM)

Key points:

  • The four vulnerabilities (CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, CVE-2024-13159) each have a CVSS score of 9.8 and are absolute path traversal issues.
  • An unauthenticated attacker can exploit these flaws to perform relay attacks, risking credential compromise and unauthorized domain administrator impersonation.
  • Ivanti released a second update to address issues from the initial patch, and organizations are advised to apply this second version regardless of prior updates.

Source: https://www.securityweek.com/poc-exploit-published-for-critical-ivanti-epm-vulnerabilities/