CVE-2024-8441

Summary

CVE-2024-8441 is a vulnerability affecting Ivanti Endpoint Manager (EPM) versions prior to the 2022 SU6 release and the September 2024 update, which allows local authenticated attackers with admin privileges to escalate their privileges to SYSTEM. The vulnerability arises from an uncontrolled search path element, posing a medium severity risk with a base score of 6.7 according to CVSS version 3.1. Attackers can exploit this vulnerability locally without user interaction, leading to potentially significant impacts on confidentiality, integrity, and availability. To remediate the issue, organizations are advised to update their Ivanti EPM installations to the latest versions as specified in the security advisory. If left unaddressed, this vulnerability could enable attackers to gain extensive control over affected systems within an organization.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.