Summary: Horizon3.ai has released details and a proof-of-concept exploit for four critical vulnerabilities in Ivanti Endpoint Manager, highlighting risks of potential unauthorized access and server compromise. These vulnerabilities could allow attackers to manipulate machine account credentials for relay attacks, increasing risks of exploitation amid ongoing cyber threats. It is crucial for Ivanti customers to patch their systems immediately to safeguard against these risks.
Affected: Ivanti Endpoint Manager
Keypoints :
- Four critical vulnerabilities in Ivanti Endpoint Manager covered by CVEs 2024-10811, 2024-13159, 2024-13160, and 2024-13161.
- The vulnerabilities allow unauthenticated attackers to manipulate machine account credentials, leading to potential server compromises.
- Despite no exploitation in the wild so far, the publication of a PoC increases the risk of cyberattacks on unpatched systems.