Products
Ivanti EPM
- before 2022 SU6
Source
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
Tags
CVE-2024-8441 details
Published : Sept. 10, 2024, 9:15 p.m.
Last Modified : Sept. 10, 2024, 9:15 p.m.
Last Modified : Sept. 10, 2024, 9:15 p.m.
Description
An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6.7 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-427 | Uncontrolled Search Path Element | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
6.7
Exploitability Score
0.8
Impact Score
5.9
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
References
| URL | Source |
|---|---|
| https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022 | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 |
This website uses the NVD API, but is not approved or certified by it.