VDB
CVE-2024-8441
CVE-2024-8441
PUBLISHED
Es besteht eine Schwachstelle in Ivanti Endpoint Manager aufgrund eines unkontrollierten Suchpfads im Agenten. Ein lokaler Angreifer mit administrativen Rechten kann diese Schwachstelle ausnutzen, um seine Rechte auf Systemrechte auszuweiten.
EPSS 0.66% · 71.5th percentile
Risk Scores
EPSS Score
0.66%
71.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ivanti | Ivanti Endpoint Manager <2024 SU1 | |
| Ivanti | Ivanti Endpoint Manager <2024 Security Patch | |
| Ivanti | Ivanti Endpoint Manager <2022 SU6 |
Timeline
- Sep 10, 2024 CVE Published
- Sep 11, 2024 EPSS Score
- Sep 12, 2024 CVE Updated
- Oct 1, 2024 EPSS Score
- Oct 5, 2024 Coalition ESS Score
- Oct 21, 2024 EPSS Score
- Nov 9, 2024 EPSS Score
- Nov 29, 2024 EPSS Score
- Dec 20, 2024 EPSS Score
- Jan 9, 2025 EPSS Score
- Jan 29, 2025 EPSS Score
- Feb 17, 2025 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-2109.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2109 advisory
- https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?language=en_US advisory
- https://summoning.team/blog/ivanti-epm-cve-2024-29847-deserialization-rce/ advisory