Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Endpoint_manager | Ivanti | * | 2022 (excluding) |
Endpoint_manager | Ivanti | 2022-su1 (including) | 2022-su1 (including) |
Endpoint_manager | Ivanti | 2022-su2 (including) | 2022-su2 (including) |
Endpoint_manager | Ivanti | 2022-su3 (including) | 2022-su3 (including) |
Endpoint_manager | Ivanti | 2022-su4 (including) | 2022-su4 (including) |
Endpoint_manager | Ivanti | 2022-su5 (including) | 2022-su5 (including) |
Endpoint_manager | Ivanti | 2024 (including) | 2024 (including) |