VDB

CISA-2024-8441

CISA-2024-8441 PUBLISHED CVSS 6.7 MEDIUM

Reported by ivanti · Published September 10, 2024

An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.

Risk Scores

CVSS 3.1
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
IvantiEndpoint Manager2022 SU6, 2024 September Security Update
ivantiendpoint_manager0, 2024_september_update, 0
IvantiEndpoint Manager2022 SU6, 2024 September Security Update, 2022 SU6

Timeline

  • Sep 10, 2024 CVE Published
  • Sep 12, 2024 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›