CISA reports active exploitation of critical Ivanti Endpoint Manager (EPM) flaws
Take action: If you still haven't patched your Ivanti EPM, for the January flaws, you are way behind. Hackers - as expected - are actively hunting you. At any rate, review if you can isolate EPM from the internet to give yourself some breathing room. And start patching IMMEDIATELY.
Learn More
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is reporting active exploitation of three critical vulnerabilities affecting Ivanti Endpoint Manager (EPM).
The flaws were reported and patched in January, and a PoC exploit is published at the end of February 2025.
- CVE-2024-13159 (CVSS score 9.8): An absolute path traversal vulnerability in Ivanti EPM that allows a remote unauthenticated attacker to leak sensitive information
- CVE-2024-13160 (CVSS score 9.8): An absolute path traversal vulnerability in Ivanti EPM that allows a remote unauthenticated attacker to leak sensitive information
- CVE-2024-13161 (CVSS score 9.8): An absolute path traversal vulnerability in Ivanti EPM that allows a remote unauthenticated attacker to leak sensitive information
The addition of these vulnerabilities to the KEV catalog typically requires federal agencies to remediate them according to specific timelines. However, given the critical nature of these flaws and evidence of active exploitation, all organizations using Ivanti Endpoint Manager should prioritize patching these vulnerabilities immediately.
