CVE-2024-13161 — AI Deep Analysis Summary

🚨 **Essence**: Ivanti EPM has a critical **Absolute Path Traversal** flaw.…

🛡️ **Root Cause**: **CWE-36** (Absolute Path Traversal). <br>🔍 **Flaw**: Improper input validation in the **wildcard parameter** of the `GetHashForSingleFile` endpoint.

🏢 **Affected**: **Ivanti Endpoint Manager (EPM)**. <br>📅 **Context**: Specifically noted in Jan 2025 advisory for **EPM 2024** and **EPM 2022 SU6**.

💀 **Attacker Actions**: <br>1. **Coerce NTLM auth** via remote UNC path. <br>2. **Steal credentials** (Machine Account). <br>3. **Exfiltrate sensitive data** from the server.

⚡ **Threshold**: **LOW**. <br>🔓 **Auth**: **Unauthenticated** (No login needed). <br>🌐 **Access**: Network vector (AV:N), Low Complexity (AC:L).

💣 **Public Exp?**: **YES**. <br>📂 **PoC**: Available via **ProjectDiscovery Nuclei** templates. <br>⚠️ **Risk**: Easy to automate and exploit widely.

🔎 **Self-Check**: <br>1. Scan for **Ivanti EPM** endpoints. <br>2. Use **Nuclei** template for CVE-2024-13161. <br>3. Check for **wildcard parameter** exposure in `GetHashForSingleFile`.

🩹 **Official Fix**: **YES**. <br>📝 **Advisory**: Ivanti released security advisory in **Jan 2025**. <br>✅ **Action**: Update to the latest secure version immediately.

🚧 **No Patch?**: <br>1. **Block** external access to EPM endpoints. <br>2. **Restrict** NTLM authentication protocols. <br>3. **Monitor** for suspicious UNC path requests.

🔥 **Urgency**: **CRITICAL**. <br>⏱️ **Priority**: **P0**. <br>🚀 **Reason**: Unauthenticated, remote, high CVSS score, and active PoC exists. Patch NOW.