CVE-2024-13163
Published: 14 January 2025
Summary
CVE-2024-13163 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Ivanti Endpoint Manager. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 3.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
The vulnerability is a deserialization of untrusted data flaw, tracked as CWE-502, that affects Ivanti EPM prior to the 2024 January-2025 Security Update and the 2022 SU6 January-2025 Security Update. It carries a CVSS 3.1 base score of 7.8 with the vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.
A remote unauthenticated attacker can leverage the issue to obtain remote code execution on affected systems, although successful exploitation requires local user interaction.
The referenced Ivanti security advisory describes the January 2025 updates that address the flaw in both the 2024 and 2022 SU6 release streams. The associated EPSS score has remained flat at 0.3228 with no material increase observed after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-51389
Vulnerability details
Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Deserialization flaw enables unauthenticated RCE; directly maps to public-facing app exploitation (T1190) and client-side execution via malicious input (T1203).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the deserialization of untrusted data vulnerability by requiring timely application of Ivanti's January 2025 security patches for EPM.
Prevents exploitation of CWE-502 by enforcing validation and error handling of untrusted input data prior to deserialization.
Mitigates remote code execution from deserialization exploits through memory protections like DEP and ASLR.