Ivanti Endpoint Manager Path Traversal Vulnerability Allowing Remote Code Execution

Vulnerability

A path traversal vulnerability has been identified in Ivanti Endpoint Manager (EPM) versions 2024 SU3 SR1 and prior, as well as in the 2022 version through SU8 SR2. This vulnerability allows remote, unauthenticated attackers to execute code on the affected system, although it requires user interaction. The issue arises from improper handling of file paths, which can be exploited to access restricted files or directories, leading to unauthorized code execution.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Remediation

Users of Ivanti Endpoint Manager 2024 SU3 SR1 have a significantly reduced risk due to important security enhancements. For those on versions 2024 SU3 SR1 or prior, it is recommended to move to the latest version of Ivanti EPM 2024. Additionally, EPM administrators can remove the Reporting database user from their configuration to address this vulnerability, but this will disable reporting functionality.
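To triage an inventory against the affected ranges stated above, the following added example (not Ivanti's code and not part of the original advisory) parses version labels and flags those that fall inside the ranges. It assumes labels are written the way this page writes them (for example `2024 SU3 SR1`) and that a missing SU or SR means 0; the function names and the sample inventory are hypothetical.

```python
import re

# Upper bound of each affected range exactly as stated in this advisory:
# branch year -> highest affected (SU, SR).
AFFECTED_THROUGH = {2024: (3, 1), 2022: (8, 2)}

# Assumed label format, modelled on the advisory's wording ("2024 SU3 SR1").
_LABEL = re.compile(
    r"^\s*(?:EPM\s+)?(\d{4})(?:\s+SU\s*(\d+))?(?:\s+SR\s*(\d+))?\s*$",
    re.IGNORECASE,
)

def parse_label(label):
    """Return (year, su, sr). A missing SU or SR is treated as 0 (assumption)."""
    m = _LABEL.match(label)
    if not m:
        raise ValueError(f"unrecognised version label: {label!r}")
    year, su, sr = m.groups()
    return int(year), int(su or 0), int(sr or 0)

def classify(label):
    """Classify one label against the advisory's ranges.

    'affected'       - inside a range listed on this page
    'not-listed'     - same branch, newer than the stated upper bound
    'unknown-branch' - a release year the advisory does not mention
    'unparsed'       - label did not match the assumed format; check by hand
    """
    try:
        year, su, sr = parse_label(label)
    except ValueError:
        return "unparsed"
    bound = AFFECTED_THROUGH.get(year)
    if bound is None:
        return "unknown-branch"
    # Tuple comparison orders by SU first, then SR.
    return "affected" if (su, sr) <= bound else "not-listed"

def triage(inventory):
    """Map each host to its classification; input is {host: version label}."""
    return {host: classify(label) for host, label in inventory.items()}

# Constructed sample inventory (hypothetical hosts and labels).
SAMPLE = {"core-01": "2024 SU3 SR1", "core-02": "2022 su8 sr3",
          "core-03": "EPM 2024 SU2", "core-04": "2021 SU5", "core-05": "n/a"}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unparsed` or `unknown-branch` need a manual check against the vendor's advisory rather than being treated as safe.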

Added: Oct 13, 2025, 9:17 PM
Updated: Oct 13, 2025, 9:17 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 7.5
exploitability: 6.0
remediation: 8.3
relevance: 0.7
threat: 0.1
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.