πŸ”΄ CVE-2024-13160

CVE-2024-13160 is a critical absolute path traversal vulnerability in Ivanti Endpoint Manager that allows remote unauthenticated attackers to leak sensitive information. This vulnerability is actively exploited in the wild and listed in CISA's Known Exploited Vulnerabilities catalog.

← Back to Overview
HIGH_RISK
Risk Level
9.8
CVSS Score
NETWORK
Attack Vector
Initial Access
ATT&CK Tactic
T1190 β€” Exploit Public-Facing Application
ATT&CK Technique
HIGH
Deployment Risk
No
Ransomware

πŸ“‹ Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-01-14

Added to CISA KEV: 2025-03-10 55 DAYS BETWEEN CVE AND KEV

🎯 Recommendations:

πŸ” Web Intelligence (Kagi Β· 2026-06-04)

CVE-2024-13160 is a critical security vulnerability affecting Ivanti Endpoint Manager (EPM) that allows for unauthorized access to sensitive information [1].

Vulnerability Overview
  • Type: Absolute path traversal [1].
  • Impact: Successful exploitation allows a remote, unauthenticated attacker to leak or exfiltrate sensitive information from the affected system [1] [5].
  • Severity: This is considered a critical vulnerability, with a CVSS score of 9.8 [4].
Exploitation and Attack Details
  • Attack Vector: The vulnerability is network-exploitable, meaning it can be triggered remotely [1].
  • Authentication/Interaction: No authentication or user interaction is required for an attacker to exploit this flaw [1].
  • Active Exploitation: There have been reports of active exploitation of critical vulnerabilities in Ivanti EPM, including CVE-2024-13160, in the wild [3].
Affected Versions and Remediation
  • Affected Versions: The vulnerability affects Ivanti EPM versions prior to the following security updates:
* EPM 2024: January-2025 Security Update [2] * EPM 2022 SU6: January-2025 Security Update [2]
  • Status: Users are advised to apply the January 2025 security updates provided by Ivanti to mitigate this risk [2].
Specific details regarding the use of this vulnerability in named ransomware campaigns or the public availability of specific exploit tools are not explicitly detailed in the current security advisories, though its status as a critical, actively exploited vulnerability makes it a high-priority target for threat actors.

Sources

  1. CVE-2024-13160 Detail - NVD

    Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated ... CVE-2024-13160 Detail Description Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2…

  2. Security Advisory EPM January 2025 for EPM 2024 and EPM 2022 ...

    Vulnerability Details ; CVE-2024-13159. Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January- ...

  3. Active Exploitation of Critical Vulnerabilities in Ivanti Endpoint ...

    Ivanti has released updates addressing critical vulnerabilities (CVE-2024-13159, CVE-2024-13160, and CVE-2024-13161) in Ivanti Endpoint Manager ...

  4. CVE-2024-13160 | CRITICAL (9.8) | CVE Lookup | Inventive HQ

    Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote…

  5. CVE-2024-13160 | Jamaica Cyber Incident Response Team

    Ivanti Endpoint Manager (EPM) has an absolute path traversal vulnerability that could enable a remote, unauthenticated attacker to access and exfiltrate ...

Generated by PatchNow Intelligence System

Analysis based on CIRCL.LU data, Claude AI assessment, and MITRE ATT&CK framework

πŸ“„ Download JSON Data | πŸ“‘ RSS Feed