PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159)

A proof-of-concept (PoC) exploit for four critical Ivanti Endpoint Manager vulnerabilities has been released by Horizon3.ai researchers. The vulnerabilities – CVE-2024-10811, CVE-2024-13161, CVE-2024-13160 and CVE-2024-13159 – may be exploited by remote, unauthenticated attackers to leverage Ivanti EPM machine account credentials for relay attacks and, ultimately, to compromise the Ivanti EPM server. “Compromising the Endpoint Manager server itself would lead to the ability to compromise all of the EPM clients, making this avenue especially impactful,” Horizon3.ai … Continue reading PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159)