Lucene search

IvantiCVELIST:CVE-2024-7570

HistoryAug 13, 2024 - 6:12 p.m.

CVE-2024-7570

2024-08-1318:12:45

CWE-295

ivanti

www.cve.org

improper certificate validation

remote attacker

mitm position

itsm access

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

39.7%

JSON

Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "ITSM",
    "vendor": "Ivanti",
    "versions": [
      {
        "status": "affected",
        "version": "2023.4"
      },
      {
        "status": "unaffected",
        "version": "2023.4.0"
      }
    ]
  }
]

References

forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2024-7569-CVE-2024-7570

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

39.7%

JSON

Related for CVELIST:CVE-2024-7570