CVE Vulnerabilities

CVE-2024-13172

Improper Verification of Cryptographic Signature

Published: Jan 14, 2025 | Modified: Jul 11, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.

Weakness

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

Affected Software

Name Vendor Start Version End Version
Endpoint_manager Ivanti * 2022 (excluding)
Endpoint_manager Ivanti 2022-su1 (including) 2022-su1 (including)
Endpoint_manager Ivanti 2022-su2 (including) 2022-su2 (including)
Endpoint_manager Ivanti 2022-su3 (including) 2022-su3 (including)
Endpoint_manager Ivanti 2022-su4 (including) 2022-su4 (including)
Endpoint_manager Ivanti 2022-su5 (including) 2022-su5 (including)
Endpoint_manager Ivanti 2024 (including) 2024 (including)

References