CVE-2024-13161: 
Ivanti Endpoint Manager vulnerability analysis and mitigation

Ivanti Endpoint Manager (EPM) was found to contain an absolute path traversal vulnerability (CVE-2024-13161) that affects versions before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update. The vulnerability was discovered in October 2024 and was officially patched in January 2025. This security flaw allows remote unauthenticated attackers to leak sensitive information through path traversal attacks (CVE Details, CISA Alert).

The vulnerability exists in the C:\Program Files\LANDesk\ManagementSuite\WSVulnerabilityCore.dll component, specifically within the GetHashForSingleFile() method of the VulCore class. The vulnerable function accepts a string parameter called strFileName that is passed to HashCalculator.GetHashForSingleFile() without proper authentication or input validation. This implementation allows unauthenticated access to potentially dangerous functionality that can be exploited through specially crafted requests (Horizon3 Research).

The vulnerability enables credential coercion attacks that could lead to server compromise. When successfully exploited, an attacker can coerce the Ivanti EPM machine account credential to be used in relay attacks, potentially allowing for unauthorized access and sensitive information disclosure. The vulnerability has been added to CISA's Known Exploited Vulnerabilities Catalog, indicating its significant risk to federal and private sector organizations (CISA Alert, Horizon3 Research).

Ivanti has released security updates to address this vulnerability. Organizations should apply the 2024 January-2025 Security Update or the 2022 SU6 January-2025 Security Update, depending on their EPM version. CISA strongly urges all organizations to prioritize timely remediation of this vulnerability as part of their vulnerability management practice (CVE Details, CISA Alert).