Home
Mapping Frameworks
Known Exploited Vulnerabilities Home
Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability

Known Exploited Vulnerabilities CVE-2024-13161

Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.

Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name	Notes
CVE-2024-13161	Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability	exploitation_technique	T1190	Exploit Public-Facing Application	Comments An attacker can exploit this vulnerability to coerce credential relay attacks and gain access to sensitive information. References https://github.com/horizon3ai/Ivanti-EPM-Coercion-Vulnerabilities
CVE-2024-13161	Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability	exploitation_technique	T1558	Steal or Forge Kerberos Tickets	Comments An attacker can exploit this vulnerability to coerce credential relay attacks and gain access to sensitive information. References https://github.com/horizon3ai/Ivanti-EPM-Coercion-Vulnerabilities
CVE-2024-13161	Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability	primary_impact	T1550.002	Pass the Hash	Comments An attacker can exploit this vulnerability to coerce credential relay attacks and gain access to sensitive information. References https://github.com/horizon3ai/Ivanti-EPM-Coercion-Vulnerabilities
CVE-2024-13161	Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability	secondary_impact	T1087	Account Discovery	Comments An attacker can exploit this vulnerability to coerce credential relay attacks and gain access to sensitive information. References https://github.com/horizon3ai/Ivanti-EPM-Coercion-Vulnerabilities