VDB
CISA-2024-8441
CISA-2024-8441
PUBLISHED
CVSS 6.7 MEDIUM
Reported by ivanti · Published September 10, 2024
An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.
Risk Scores
CVSS 3.1
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ivanti | Endpoint Manager | 2022 SU6, 2024 September Security Update |
| ivanti | endpoint_manager | 0, 2024_september_update, 0 |
| Ivanti | Endpoint Manager | 2022 SU6, 2024 September Security Update, 2022 SU6 |
Timeline
- Sep 10, 2024 CVE Published
- Sep 12, 2024 CVE Updated