Cyber Resilience

CVE-2024-13171

High

Published: 14 January 2025

Published
14 January 2025
Modified
11 July 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.3589 97.2th percentile
Risk Priority 37 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-13171 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Ivanti Endpoint Manager. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked in the top 2.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

Ivanti EPM before the 2024 January-2025 Security Update and the 2022 SU6 January-2025 Security Update is affected by insufficient filename validation tracked as CVE-2024-13171. The flaw is categorized under CWE-434 and enables remote code execution on the impacted endpoint management software.

A remote unauthenticated attacker can exploit the weakness to achieve remote code execution, although successful attack requires local user interaction. The CVSS 3.1 score of 7.8 reflects an attack that needs no privileges, presents low complexity once local interaction occurs, and results in high impact to confidentiality, integrity, and availability.

The referenced Ivanti security advisory describes the January 2025 updates for both EPM 2024 and EPM 2022 SU6 that remediate the vulnerability.

The associated EPSS score is currently 0.3589 and has reached the same peak value, without indication of a material rise from a lower baseline.

EU & UK References

Vulnerability details

Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

CWE-434 unrestricted file upload of dangerous type directly enables crafting and execution of malicious files (T1204.002) that achieve RCE after user interaction.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-9712Same product: Ivanti Endpoint Manager
CVE-2025-9872Same product: Ivanti Endpoint Manager
CVE-2024-13172Same product: Ivanti Endpoint Manager
CVE-2024-13167Same product: Ivanti Endpoint Manager
CVE-2024-13158Same product: Ivanti Endpoint Manager
CVE-2026-8110Same product: Ivanti Endpoint Manager
CVE-2025-13659Same product: Ivanti Endpoint Manager
CVE-2024-13162Same product: Ivanti Endpoint Manager
CVE-2024-13169Same product: Ivanti Endpoint Manager
CVE-2024-13165Same product: Ivanti Endpoint Manager

Affected Assets

ivanti
endpoint manager
2022, 2024 · ≤ 2022

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates information input validation checks at interfaces to enforce proper filename validation and block malicious file uploads exploiting CWE-434.

prevent

Enforces restrictions on information inputs to limit dangerous file types and names, preventing unrestricted uploads that lead to RCE.

prevent

Requires timely identification, reporting, and correction of flaws like insufficient filename validation through patching as specified in Ivanti's advisory.

References