🔴 CVE-2024-13159

Critical absolute path traversal vulnerability in Ivanti Endpoint Manager that allows remote unauthenticated attackers to access sensitive information. The vulnerability is actively exploited in the wild according to its CISA KEV listing.

Risk Level: HIGH_RISK

CVSS Score: 9.8

Attack Vector: NETWORK

ATT&CK Tactic: Initial Access

ATT&CK Technique: T1190 - Exploit Public-Facing Application

Deployment Risk: HIGH

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-01-14

Added to CISA KEV: 2025-03-10 (55 days between CVE and KEV)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2024-13159 is a critical security vulnerability affecting Ivanti Endpoint Manager (EPM) that has been identified as being actively exploited in the wild [1].

Vulnerability Overview
  • Type: Absolute path traversal [4].
  • Severity: Critical, with a CVSS score of 9.8 [6].
  • Impact: Successful exploitation allows a remote, unauthenticated attacker to leak sensitive information from the affected system [3]. Furthermore, it has been noted that this vulnerability can be used in conjunction with other flaws to facilitate the coercion of machine credentials, potentially leading to broader system compromise [2].

Exploitation and Threat Landscape
  • Active Exploitation: The Cybersecurity and Infrastructure Security Agency (CISA) has officially tagged this vulnerability as being actively exploited in the wild [1].
  • Requirements: The attack is remote and does not require authentication or user interaction [5].
  • PoC Availability: Proof-of-concept (PoC) exploit code has been publicly released, increasing the risk of exploitation by various threat actors [2] [5].

Affected Versions and Mitigation
  • Affected Versions: The vulnerability affects Ivanti EPM versions prior to the following security updates:
    • 2024 January-2025 Security Update [4]
    • 2022 SU6 January-2025 Security Update [4]
  • Status: Ivanti released patches for this vulnerability in January 2025 [1]. Organizations using Ivanti EPM are strongly advised to ensure their installations are updated to the latest security versions to mitigate the risk of exploitation.

Sources

  1. CISA tags critical Ivanti EPM flaws as actively exploited in attacks

    CVE-2024-13159 is one of the three critical vulnerabilities affecting Ivanti Endpoint Manager appliances that CISA tagged as actively exploited in attacks. The flaws can let remote unauthenticated attackers fully compromise vulnerable servers and are patched by Ivanti since January.

  2. horizon3ai/Ivanti-EPM-Coercion-Vulnerabilities: Proof of ... - GitHub

    Proof of concept exploits for Ivanti EPM CVE-2024-13159 and others which allows for unauthenticated coercion of the Ivanti EPM machine credential for use in ...

  3. CVE-2024-13159: Ivanti EPM Path Traversal Vulnerability - SentinelOne

    CVE-2024-13159 Overview CVE-2024-13159 is an absolute path traversal vulnerability affecting Ivanti Endpoint Manager (EPM) that allows remote unauthenticated attackers to leak sensitive information from vulnerable systems. This vulnerability exists in Ivanti EPM versions prior to the 2024 January-20…

  4. CVE-2024-13159 Detail - NVD

    Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated ... CVE-2024-13159 is an absolute path traversal vulnerability in Ivanti Endpoint Manager (EPM) that allows a remote attacker to leak sensitive…

  5. PoC exploit for Ivanti Endpoint Manager vulnerabilities released ...

    The vulnerabilities – CVE-2024-10811, CVE-2024-13161, CVE-2024-13160 and CVE-2024-13159 – may be exploited by remote, unauthenticated attackers ...

  6. CVE-2024-13159 - GitHub Advisory Database

    CVE-2024-13159 is a critical vulnerability that allows a remote attacker to leak sensitive information from Ivanti EPM before the 2024 January-2025 Security Update. The vulnerability affects unknown versions of Ivanti EPM and has a CVSS score of 9.8.