Main Vulnerability Database Exploits ID:11149 - Exploit for Absolute Path Traversal in Endpoint Manager - CVE-2024-13159

ID:11149 - Exploit for Absolute Path Traversal in Endpoint Manager - CVE-2024-13159

Published: February 21, 2025

Vulnerability identifier: #VU102837

Vulnerability risk: High

CVE-ID: CVE-2024-13159

CWE-ID: CWE-36

Exploitation vector: Remote access

Vulnerable software:
Endpoint Manager

Link to public exploit:

https://github.com/horizon3ai/Ivanti-EPM-Coercion-Vulnerabilities

Vulnerability description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient input validation. A remote non-authenticated attacker can view contents of arbitrary files on the system and use the obtain information to execute arbitrary code.

Remediation

Install updates from vendor's website.

ID:11149 - Exploit for Absolute Path Traversal in Endpoint Manager - CVE-2024-13159

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human