An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.
References
Link | Resource |
---|---|
https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
12 Sep 2024, 21:53
Type | Values Removed | Values Added |
---|---|---|
First Time |
Ivanti endpoint Manager
Ivanti |
|
CPE | cpe:2.3:a:ivanti:endpoint_manager:2022:su3:*:*:*:*:*:* cpe:2.3:a:ivanti:endpoint_manager:2022:su5:*:*:*:*:*:* cpe:2.3:a:ivanti:endpoint_manager:2024:-:*:*:*:*:*:* cpe:2.3:a:ivanti:endpoint_manager:2022:-:*:*:*:*:*:* cpe:2.3:a:ivanti:endpoint_manager:2022:su4:*:*:*:*:*:* cpe:2.3:a:ivanti:endpoint_manager:2022:su1:*:*:*:*:*:* cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:* cpe:2.3:a:ivanti:endpoint_manager:2022:su2:*:*:*:*:*:* |
|
References | () https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022 - Vendor Advisory |
11 Sep 2024, 16:26
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
10 Sep 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-10 21:15
Updated : 2024-09-12 21:53
NVD link : CVE-2024-8441
Mitre link : CVE-2024-8441
CVE.ORG link : CVE-2024-8441
JSON object : View
Products Affected
ivanti
- endpoint_manager
CWE
CWE-427
Uncontrolled Search Path Element