Lucene search

3c1d8aa1-5a33-4ea4-8992-aadd6440af75NVD:CVE-2024-7570

HistoryAug 13, 2024 - 7:15 p.m.

CVE-2024-7570

2024-08-1319:15:16

CWE-295

3c1d8aa1-5a33-4ea4-8992-aadd6440af75

web.nvd.nist.gov

ivanti itsm

certificate validation

remote attacker

mitm

token

unauthorized access

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.7%

JSON

Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user.

Affected configurations

Nvd

Node

ivantineurons_for_itsmMatch2023.2

ivantineurons_for_itsmMatch2023.3

ivantineurons_for_itsmMatch2023.4

VendorProductVersionCPE
ivantineurons_for_itsm2023.2cpe:2.3:a:ivanti:neurons_for_itsm:2023.2:*:*:*:*:*:*:*
ivantineurons_for_itsm2023.3cpe:2.3:a:ivanti:neurons_for_itsm:2023.3:*:*:*:*:*:*:*
ivantineurons_for_itsm2023.4cpe:2.3:a:ivanti:neurons_for_itsm:2023.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ivanti	neurons_for_itsm	2023.2	cpe:2.3:a:ivanti:neurons_for_itsm:2023.2:::::::*
ivanti	neurons_for_itsm	2023.3	cpe:2.3:a:ivanti:neurons_for_itsm:2023.3:::::::*
ivanti	neurons_for_itsm	2023.4	cpe:2.3:a:ivanti:neurons_for_itsm:2023.4:::::::*

References

forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2024-7569-CVE-2024-7570

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.7%

JSON

Related for NVD:CVE-2024-7570