Ivanti EPM Improper Signature Verification Remote Code Execution
CVE-2024-13172 Published on January 14, 2025
Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.
Vulnerability Analysis
CVE-2024-13172 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Improper Verification of Cryptographic Signature
The software does not verify, or incorrectly verifies, the cryptographic signature for data.
Products Associated with CVE-2024-13172
Want to know whenever a new CVE is published for Ivanti Endpoint Manager? stack.watch will email you.
Affected Versions
Ivanti Endpoint Manager:- Version 2024 January-2025 Security Update is unaffected.
- Version 2022 SU6 January-2025 Security Update is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.