CVE-2024-13161
Published: 14 January 2025
Summary
CVE-2024-13161 is a critical-severity Absolute Path Traversal (CWE-36) vulnerability in Ivanti Endpoint Manager. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Forced Authentication (T1187); ranked in the top 0.3% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-13161 is an absolute path traversal vulnerability, tracked under CWE-36, that affects Ivanti Endpoint Manager (EPM) prior to the 2024 January-2025 Security Update and the 2022 SU6 January-2025 Security Update. The flaw permits remote, unauthenticated access to arbitrary files on the affected system, resulting in disclosure of sensitive information and carrying a CVSS 3.1 base score of 9.8.
A remote attacker with no credentials or user interaction can send crafted requests that traverse the filesystem and retrieve protected data. Successful exploitation can lead to full compromise of confidentiality, integrity, and availability on the target EPM instance.
Ivanti’s January 2025 security advisory directs customers to apply the listed updates for both EPM 2024 and EPM 2022 SU6 branches. The vulnerability is also listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. The associated EPSS score has reached a peak of 0.9271 with a current value of 0.9177, indicating sustained attacker interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-51387
Vulnerability details
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
- CWE(s)
- KEV Date Added
- 10 March 2025
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Absolute path traversal vulnerability in Ivanti EPM allows unauthenticated remote attackers to coerce machine account NTLM authentication to attacker-controlled UNC/SMB shares, enabling Forced Authentication (T1187) for potential relay attacks.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates CVE-2024-13161 by requiring timely application of Ivanti's January-2025 security updates to remediate the path traversal flaw.
Prevents absolute path traversal exploitation in Ivanti EPM by enforcing input validation mechanisms at entry points to block unauthorized directory access.
Mitigates sensitive information leakage from path traversal by filtering outputs prior to transmission, reducing the impact of successful exploits.