CVE-2024-13171
Published: 14 January 2025
Summary
CVE-2024-13171 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Ivanti Endpoint Manager. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). The CVE is ranked in the top 2.8% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
Ivanti EPM before the 2024 January-2025 Security Update and the 2022 SU6 January-2025 Security Update is affected by insufficient filename validation tracked as CVE-2024-13171. The flaw is categorized under CWE-434 and enables remote code execution on the impacted endpoint management software.
A remote unauthenticated attacker can exploit the weakness to achieve remote code execution, although a successful attack requires local user interaction. The CVSS 3.1 score of 7.8 reflects an attack that needs no privileges, presents low complexity once local interaction occurs, and results in high impact to confidentiality, integrity, and availability.
The referenced Ivanti security advisory describes the January 2025 updates for both EPM 2024 and EPM 2022 SU6 that remediate the vulnerability.
The associated EPSS score is currently 0.3589, which is also its peak value; there is no indication of a material rise from a lower baseline.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-51397
Vulnerability details
Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.
- CWE(s): CWE-434
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CWE-434 (unrestricted upload of a file with a dangerous type) directly enables the crafting and execution of malicious files (T1204.002) that achieve RCE after user interaction.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly mandates information input validation checks at interfaces to enforce proper filename validation and block malicious file uploads exploiting CWE-434.
Enforces restrictions on information inputs to limit dangerous file types and names, preventing unrestricted uploads that lead to RCE.
Requires timely identification, reporting, and correction of flaws like insufficient filename validation through patching as specified in Ivanti's advisory.