CVE-2024-8320

Published: Sep 10, 2024Modified: Sep 12, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices.

Affected (8)

Products: Ivanti: Endpoint Manager

Ivanti

1 product

Endpoint Manager

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Ivanti Endpoint Manager	Before 2022
Ivanti Endpoint Manager	Version 2022
Ivanti Endpoint Manager	Version 2022 su1
Ivanti Endpoint Manager	Version 2022 su2
Ivanti Endpoint Manager	Version 2022 su3
Ivanti Endpoint Manager	Version 2022 su4
Ivanti Endpoint Manager	Version 2022 su5
Ivanti Endpoint Manager	Version 2024

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (1)

https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022

Source: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75

Vendor Advisory

Timeline

No history available yet.