Lucene search

3c1d8aa1-5a33-4ea4-8992-aadd6440af75NVD:CVE-2024-8321

HistorySep 10, 2024 - 9:15 p.m.

CVE-2024-8321

2024-09-1021:15:15

CWE-306

3c1d8aa1-5a33-4ea4-8992-aadd6440af75

web.nvd.nist.gov

ivanti epm

network isolation

authentication

remote

unauthenticated

attacker

managed devices

cve-2024-8321

september update

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

EPSS

0.001

Percentile

17.7%

JSON

Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network.

Affected configurations

Nvd

Node

ivantiendpoint_managerRange<2022

ivantiendpoint_managerMatch2022-

ivantiendpoint_managerMatch2022su1

ivantiendpoint_managerMatch2022su2

ivantiendpoint_managerMatch2022su3

ivantiendpoint_managerMatch2022su4

ivantiendpoint_managerMatch2022su5

ivantiendpoint_managerMatch2024-

VendorProductVersionCPE
ivantiendpoint_manager*cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*
ivantiendpoint_manager2022cpe:2.3:a:ivanti:endpoint_manager:2022:-:*:*:*:*:*:*
ivantiendpoint_manager2022cpe:2.3:a:ivanti:endpoint_manager:2022:su1:*:*:*:*:*:*
ivantiendpoint_manager2022cpe:2.3:a:ivanti:endpoint_manager:2022:su2:*:*:*:*:*:*
ivantiendpoint_manager2022cpe:2.3:a:ivanti:endpoint_manager:2022:su3:*:*:*:*:*:*
ivantiendpoint_manager2022cpe:2.3:a:ivanti:endpoint_manager:2022:su4:*:*:*:*:*:*
ivantiendpoint_manager2022cpe:2.3:a:ivanti:endpoint_manager:2022:su5:*:*:*:*:*:*
ivantiendpoint_manager2024cpe:2.3:a:ivanti:endpoint_manager:2024:-:*:*:*:*:*:*

Vendor	Product	Version	CPE
ivanti	endpoint_manager	*	cpe:2.3:a:ivanti:endpoint_manager::::::::
ivanti	endpoint_manager	2022	cpe:2.3:a:ivanti:endpoint_manager:2022:-::::::
ivanti	endpoint_manager	2022	cpe:2.3:a:ivanti:endpoint_manager:2022:su1::::::
ivanti	endpoint_manager	2022	cpe:2.3:a:ivanti:endpoint_manager:2022:su2::::::
ivanti	endpoint_manager	2022	cpe:2.3:a:ivanti:endpoint_manager:2022:su3::::::
ivanti	endpoint_manager	2022	cpe:2.3:a:ivanti:endpoint_manager:2022:su4::::::
ivanti	endpoint_manager	2022	cpe:2.3:a:ivanti:endpoint_manager:2022:su5::::::
ivanti	endpoint_manager	2024	cpe:2.3:a:ivanti:endpoint_manager:2024:-::::::

References

forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

EPSS

0.001

Percentile

17.7%

JSON

Related for NVD:CVE-2024-8321