Source URL: https://www.theregister.com/2025/02/21/ivanti_traversal_flaw_poc_exploit/
Source: The Register
Title: Ivanti endpoint manager can become endpoint ravager, thanks to quartet of critical flaws
Feedly Summary: PoC exploit code shows why this is a patch priority
Security engineers have released a proof-of-concept exploit for four critical Ivanti Endpoint Manager bugs, giving those who haven’t already installed patches released in January extra incentive to revisit their to-do lists.…
Summary: The text discusses critical vulnerabilities in Ivanti Endpoint Manager, characterized by high CVSS severity scores, and highlights a proof-of-concept exploit that demonstrates the risks associated with these bugs. Security professionals should focus on the implications of these flaws and ensure timely patching to mitigate potential exploitation.
Detailed Description:
The content addresses security vulnerabilities in Ivanti Endpoint Manager, specifically related to absolute path traversal flaws that pose significant risks to organizations. Here’s a detailed breakdown of the key points:
– **Vulnerabilities Identified**:
  – Four significant vulnerabilities in Ivanti Endpoint Manager have been identified and given a CVSS severity score of 9.8.
  – These are tracked as CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159.
– **Nature of the Flaws**:
  – All four vulnerabilities are categorized as absolute path traversal flaws.
  – Successful exploitation would let a remote unauthenticated attacker leak sensitive information, particularly NTLMv2 hashes, which could facilitate account impersonation and system compromise.
– **Proof-of-Concept Exploit**:
  – Zach Hanley, a vulnerability researcher, developed and released a proof-of-concept exploit demonstrating how these flaws can be exploited.
  – The exploit allows attackers to coerce the Endpoint Manager machine account credential into being used in relay attacks, which can ultimately lead to server compromise.
– **Risk of Exploitation**:
  – The vulnerabilities can be triggered through web-based APIs, where attackers can manipulate directory lookups to leak sensitive hashes.
  – Because the proof-of-concept code is now publicly available, the risk of exploitation is higher, and Ivanti has advised customers to apply patches urgently.
– **Patching Guidance**:
  – Ivanti released patches in January and has since released a second version (V2) to address issues caused by the initial patch, which affected Windows Action capabilities.
  – Companies using Ivanti products are strongly encouraged to apply both the initial and the updated patches to mitigate the risk of exploitation and regain full functionality of the product.
– **Historical Context**:
  – There is a history of exploits targeting Ivanti products, which underscores the need for vigilance and regular patch application.
This incident highlights how important it is for security and compliance professionals to maintain robust patch management practices, especially when dealing with high-severity vulnerabilities and an evolving landscape of cybersecurity threats.
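An added illustration of the bug class named above, not code from the article, Ivanti, or the published proof of concept: an absolute path traversal arises when an API passes a caller-supplied path to a filesystem lookup unchecked, and on Windows a UNC path in that position makes the service authenticate to the named host. The sketch shows a server-side check that refuses such paths before any lookup happens; `BASE_DIR`, `classify_path`, `audit` and the sample inputs are hypothetical.

```python
import ntpath  # Windows path rules, usable on any OS

# Hypothetical directory the API is allowed to read (assumption).
BASE_DIR = r"C:\ProgramData\ExampleApp\files"


def classify_path(user_path: str) -> str:
    """Return 'ok', or the reason a caller-supplied path is refused."""
    p = user_path.replace("/", "\\")
    if "\x00" in p:
        return "nul-byte"
    if p.startswith("\\\\"):
        # \\host\share (remote SMB target) and \\?\ or \\.\ device paths.
        return "unc-or-device"
    drive, rest = ntpath.splitdrive(p)
    if drive:
        return "drive-qualified"  # C:\... or C:relative
    if rest.startswith("\\"):
        return "rooted"  # \Windows resolves against the current drive
    base = ntpath.normcase(ntpath.normpath(BASE_DIR))
    full = ntpath.normcase(ntpath.normpath(ntpath.join(BASE_DIR, p)))
    if full != base and not full.startswith(base + "\\"):
        return "escapes-base"  # ..\ sequences climbed out of BASE_DIR
    return "ok"


def audit(paths):
    """Classify each path; returns {path: verdict}."""
    return {p: classify_path(p) for p in paths}


# Constructed sample inputs, not taken from any real request or exploit.
SAMPLES = [
    r"reports\q1.txt",
    r"\\fileserver.example\share\dir",
    "//fileserver.example/share/dir",
    r"C:\Windows\System32",
    r"\Windows",
    r"..\..\Windows\win.ini",
]

if __name__ == "__main__":
    for path, verdict in audit(SAMPLES).items():
        print(f"{verdict:16} {path}")
```

Rejecting on the raw string before normalisation matters here: once a UNC path reaches a directory API, the outbound authentication has already happened.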