Lucene search

IvantiCVELIST:CVE-2024-8441

HistorySep 10, 2024 - 9:01 p.m.

CVE-2024-8441

2024-09-1021:01:09

CWE-427

ivanti

www.cve.org

ivanti epm

uncontrolled search path

privilege escalation

cve-2024-8441

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.6%

JSON

An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Endpoint Manager",
    "vendor": "Ivanti",
    "versions": [
      {
        "status": "unaffected",
        "version": "2022 SU6",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "2024 September Security Update",
        "versionType": "custom"
      }
    ]
  }
]

References

forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.6%

JSON

Related for CVELIST:CVE-2024-8441