External risk intelligence

A risk advisory title for this CVE is: Ivanti Endpoint Manager Information Disclosure via Path Traversal.

CVE advisory

Known Exploit

CVE-2024-13160

An absolute path traversal vulnerability in Ivanti Endpoint Manager allows remote, unauthenticated attackers to leak sensitive information. This impacts organizations by potentially exposing confidential data, which could lead to business risk.

Halo Surface Signal: 4

Path Traversal

Ivanti Endpoint Manager

before 2022, 2022, 2024

External exposure likelihood

Halo Surface Signal score for CVE-2024-13160

Ivanti Endpoint Manager is an enterprise management platform often deployed as a gateway or server component. While not always exposed to the public internet by design, its role as a centralized management and deployment service frequently results in its infrastructure being exposed or reachable in edge-facing network configurations, making internet-reachable deployments common.

Horizon Alert

Summary of the vulnerability and why it matters

An absolute path traversal vulnerability has been identified in Ivanti Endpoint Manager. This flaw permits an unauthenticated attacker to access and disclose sensitive information. The potential impact could affect organizations by compromising confidential data, leading to business risk.

  • Ivanti Endpoint Manager
  • Path traversal allows information leakage
  • Sensitive data exposure

Attack Path

How an attacker could exploit the issue

An absolute path traversal vulnerability in Ivanti Endpoint Manager allows an unauthenticated attacker to access sensitive information. This occurs when the affected system is exposed to the network. The attacker can then leverage this exposure to exploit the vulnerability, leading to the leakage of confidential data.

  • Network exposure required
  • Attacker exploits path traversal
  • Sensitive information leaked

Live Threat

Current exploitation, exposure, and threat context

An absolute path traversal vulnerability in Ivanti Endpoint Manager could allow unauthenticated attackers to access sensitive information. This issue affects Ivanti Endpoint Manager versions before the January 2025 security updates for both 2024 and 2022 SU6. Organizations running the affected versions face potential data leakage risks.

  • Attackers require no specific skill level.
  • No special conditions are needed for exploitation.
  • Business risk is high due to data exposure.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

An absolute path traversal vulnerability has been identified in Ivanti Endpoint Manager. This issue could allow an unauthenticated remote attacker to access sensitive information. The vendor has released security updates to address this vulnerability. Organizations should prioritize addressing this vulnerability to protect sensitive data and maintain system integrity.

  • Identify Ivanti Endpoint Manager assets.
  • Reduce exposure or isolate affected systems.
  • Apply vendor updates, verify fix, and monitor.

Frequently asked questions

What is Ivanti Endpoint Manager (EPM) and its function in IT environments?

Ivanti Endpoint Manager (EPM) is a tool that helps organizations manage and deploy devices and applications. IT administrators use it to control, monitor, and secure endpoints, such as computers and mobile devices, across their networks.

How does the absolute path traversal weakness in CVE-2024-13160 lead to information disclosure?

The absolute path traversal weakness (CWE-36) allows an attacker to trick the software into accessing files outside of its intended directory. This can result in the disclosure of sensitive information stored on the system.
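A generic illustration of the CWE-36 pattern described above, added here as an example: it is not Ivanti's code and does not reproduce the affected product's endpoint. The function names and the temporary directory layout are hypothetical, and the sample files are constructed.

```python
import os
import tempfile


def resolve_naive(base_dir, requested):
    # Weak pattern (CWE-36): os.path.join discards base_dir entirely
    # when `requested` is itself an absolute path.
    return os.path.join(base_dir, requested)


def resolve_safe(base_dir, requested):
    """Return the real path of `requested` under base_dir, or raise ValueError."""
    base = os.path.realpath(base_dir)
    # Reject absolute, rooted, drive-qualified and UNC-style input up front.
    if (os.path.isabs(requested) or requested.startswith(("/", "\\"))
            or os.path.splitdrive(requested)[0]):
        raise ValueError("absolute path rejected")
    candidate = os.path.realpath(os.path.join(base, requested))
    # Containment check after ".." segments and symlinks are resolved.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes base directory")
    return candidate


def demo():
    """Run both resolvers against constructed files in a temp directory."""
    results = []
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "public")        # intended served directory
        os.makedirs(base)
        secret = os.path.join(root, "secret.txt")  # constructed file outside base
        open(secret, "w").close()
        open(os.path.join(base, "report.txt"), "w").close()

        # The naive join hands back the out-of-tree file unchanged.
        results.append(resolve_naive(base, secret) == secret)

        for name in ("report.txt", secret, os.path.join("..", "secret.txt")):
            try:
                resolve_safe(base, name)
                results.append("allowed")
            except ValueError as exc:
                results.append(str(exc))
    return results


if __name__ == "__main__":
    print(demo())
```

The same containment check is useful when verifying a fix: a request naming a file outside the served directory should be refused regardless of whether the input is absolute or relative.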

What conditions allow an attacker to exploit the path traversal vulnerability in Ivanti EPM?

An attacker can exploit this vulnerability if the affected Ivanti Endpoint Manager system is exposed to the network. This exposure enables the attacker to leverage the path traversal flaw and leak confidential data without needing specific privileges.

What is the significance of CVE-2024-13160 for network-exposed enterprise management platforms like Ivanti EPM?

The vulnerability is significant because Ivanti EPM is often deployed as a central management service. Its frequent deployment in edge-facing configurations means it's commonly reachable, making its exposure to the internet a practical concern for many organizations.

What steps should an organization take to respond to the Ivanti EPM path traversal vulnerability?

Organizations should identify their Ivanti EPM assets, reduce or isolate exposed systems, and apply the vendor's security updates promptly. Verifying the fix and continuous monitoring are also recommended to maintain system integrity.
