CVE-2024-13172

High

Published: 14 January 2025

Published

14 January 2025

Modified

11 July 2025

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0052 66.9th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-13172 is a high-severity Improper Verification of Cryptographic Signature (CWE-347) vulnerability in Ivanti Endpoint Manager. Its CVSS base score is 7.8 (High).

Operationally, ranked in the top 33.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly remediates the improper signature verification flaw by applying Ivanti's January 2025 Security Updates for EPM 2024 and 2022 SU6.

CM-14 Signed Components good match

prevent

Requires enforcement of signed components, directly countering the CWE-347 improper signature verification that enables malicious payload execution.

SI-7 Software, Firmware, and Information Integrity good match

preventdetect

Verifies software integrity using validation techniques like cryptographic signatures, mitigating bypasses of signature checks in Ivanti EPM.

NVD Description

Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.

Deeper analysisAI

CVE-2024-13172 is an improper signature verification vulnerability (CWE-347) in Ivanti Endpoint Manager (EPM) versions prior to the January 2025 Security Update for EPM 2024 and the January 2025 Security Update for EPM 2022 SU6. This flaw enables a remote unauthenticated attacker to achieve remote code execution on affected systems, though it requires local user interaction. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high impact on confidentiality, integrity, and availability with low attack complexity but local access vector and user interaction prerequisites.

Exploitation requires a remote unauthenticated attacker to deliver a malicious payload that exploits the signature verification bypass, combined with local user interaction such as opening or executing a crafted file or component. No privileges are needed (PR:N), allowing an attacker to gain code execution on the target endpoint once the interaction occurs, potentially leading to full system compromise.

Ivanti's security advisory details mitigation through deployment of the January 2025 Security Updates for the affected EPM 2024 and EPM 2022 SU6 versions. Practitioners should consult the official advisory at https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6 for patch instructions, verification steps, and additional guidance on securing endpoints.

Details

CWE(s): CWE-347

Affected Products

ivanti

endpoint manager

2022, 2024 · ≤ 2022

CVEs Like This One

CVE-2025-9872Same product: Ivanti Endpoint Manager

CVE-2025-9712Same product: Ivanti Endpoint Manager

CVE-2024-13167Same product: Ivanti Endpoint Manager

CVE-2024-13169Same product: Ivanti Endpoint Manager

CVE-2024-13170Same product: Ivanti Endpoint Manager

CVE-2024-13168Same product: Ivanti Endpoint Manager

CVE-2025-13659Same product: Ivanti Endpoint Manager

CVE-2024-13158Same product: Ivanti Endpoint Manager

CVE-2024-13159Same product: Ivanti Endpoint Manager

CVE-2024-13163Same product: Ivanti Endpoint Manager

References

https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6
Vendor Advisory · 3c1d8aa1-5a33-4ea4-8992-aadd6440af75