Shane

Critical Ivanti Endpoint Manager Vulnerabilities: What Houston Businesses Need to Know

Protect Your Network: Critical Ivanti EPM Vulnerabilities Demand Immediate Action


On March 10, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, three of which affect Ivanti Endpoint Manager (EPM). A KEV listing means CISA has evidence that the flaws are being exploited in the wild, so they carry real and immediate risk. Here is what these vulnerabilities are, how severe they are, and how organizations can protect themselves.

  The Ivanti EPM Vulnerabilities in Detail

The three Ivanti EPM vulnerabilities recently added to CISA’s catalog are:

  1. CVE-2024-13159: Absolute Path Traversal Vulnerability
  2. CVE-2024-13160: Absolute Path Traversal Vulnerability
  3. CVE-2024-13161: Absolute Path Traversal Vulnerability

All three stem from the same weakness: the EPM server accepts a path supplied in an unauthenticated request and uses it as given, even when it is an absolute path that points outside the directory the server was meant to serve. This lets a remote, unauthenticated attacker read files the server can reach and leak sensitive information, and, when chained with the credential coercion described below, potentially gain full control of a vulnerable EPM server.

  Risk Level: CRITICAL

All three carry a CVSS v3.1 base score of 9.8 out of 10 (vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), which places them in the CRITICAL band. The rating reflects several factors:

  • They can be exploited over the network
  • They require no authentication
  • They require no user interaction
  • They give the attacker high impact on confidentiality, integrity, and availability of the server

According to Heath Renfrow, CISO and Co-founder at Fenix24, “The three Ivanti Endpoint Manager (EPM) vulnerabilities are particularly concerning due to their ability to grant remote, unauthenticated attackers full compromise of vulnerable servers.”

  Known Exploitation Methods

Ivanti disclosed the flaws and shipped fixes in January 2025. In February, Horizon3.ai published its analysis and proof-of-concept (PoC) exploits showing how they can be turned into a credential relay attack: because the vulnerable parameters accept an absolute path, an attacker can supply a UNC path that points at a host they control, and the EPM server will attempt to open that path and authenticate to the attacker's host with its Active Directory machine account. That coerced NTLM authentication can then be relayed to other services in the domain. In practice the chain lets an attacker:

  1. Coerce the Ivanti EPM server's machine-account credential without authenticating to EPM
  2. Gain initial access to vulnerable systems by relaying that credential
  3. Potentially move laterally within the network
  4. Access sensitive information
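The weakness behind all three CVEs, and the UNC-path coercion that the PoC builds on it, come down to one mistake: joining a caller-supplied path onto a base directory without checking whether the caller's path is rooted. The following is an added example written for this post; it is not Ivanti's code, and the base directory, function names and inputs are assumptions. It shows the weak form beside a hardened form, using Python's ntpath (Windows path rules) so it runs on any platform.

```python
"""
Added example (not Ivanti or CinchOps code): how an absolute-path traversal
arises when joining a request-supplied path onto a base directory, and how to
close it. BASE_DIR, the function names and the sample inputs are assumptions.
"""
import ntpath
from typing import Optional

# Assumed: the directory the server is supposed to serve files from.
BASE_DIR = r"C:\ProgramData\ExampleApp\files"


def resolve_vulnerable(base: str, user_path: str) -> str:
    """Weak form: a rooted second argument silently discards `base`.

    ntpath.join behaves like .NET's Path.Combine here: when `user_path` is
    rooted (C:\\..., \\\\host\\share\\...), `base` is thrown away. A UNC path
    from the request therefore makes the server open a file on the attacker's
    host, and the SMB client authenticates there with the machine account.
    """
    return ntpath.normpath(ntpath.join(base, user_path))


def resolve_hardened(base: str, user_path: str) -> str:
    """Hardened form: reject rooted or UNC input, then prove containment."""
    drive, _ = ntpath.splitdrive(user_path)          # "C:" or "\\\\host\\share"
    if drive or ntpath.isabs(user_path) or user_path.startswith(("\\\\", "//")):
        raise ValueError("absolute or UNC path rejected")
    # Normalise so '..' segments are collapsed before the containment check.
    candidate = ntpath.normpath(ntpath.join(base, user_path))
    base_norm = ntpath.normpath(base)
    if ntpath.commonpath([base_norm, candidate]) != base_norm:
        raise ValueError("path escapes base directory")
    return candidate


def safe_resolve(user_path: str) -> Optional[str]:
    """Convenience wrapper: the resolved path, or None when input is rejected."""
    try:
        return resolve_hardened(BASE_DIR, user_path)
    except ValueError:
        return None


if __name__ == "__main__":
    # Constructed inputs: a normal relative path, a classic '..' traversal,
    # an absolute local path, and the UNC path used for credential coercion.
    for p in (r"reports\q1.txt", r"..\secrets.txt",
              r"C:\Windows\win.ini", r"\\attacker\share\x"):
        print(f"{p!r:28} weak -> {resolve_vulnerable(BASE_DIR, p)!r:45} "
              f"hardened -> {safe_resolve(p)!r}")
```

The order of the checks matters: the rooted-path test comes first because ntpath.commonpath raises on mixed drives, and the containment test is done on the normalised result so that `..` cannot be smuggled past a prefix comparison.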

Chris Gray, Field CTO at Deepwatch, warns: “These flaws are known, and exploits are present. Anyone with affected systems should patch them immediately. In addition, they would be wise to consider them to already be compromised.”

  Mitigation Steps

CISA and security experts recommend the following actions to mitigate these vulnerabilities:

  1. Apply Patches Immediately: Upgrade to the fixed builds:
    • For EPM 2024: Install the January-2025 Security Update
    • For EPM 2022: Install the SU6 January-2025 Security Update
  2. Assume Compromise: If you ran a vulnerable version while it was exposed, assume the server may have been compromised and investigate. Because the credential an attacker coerces is the EPM server's Active Directory machine account, resetting that computer account's password is a sensible part of remediation.
  3. Look for Indicators of Compromise: Review EPM web-server and domain authentication logs back to the January 2025 disclosure for requests carrying UNC or absolute paths, and for NTLM network logons by the EPM server's machine account that originate from any address other than the EPM server itself.
  4. Network Segmentation: Restrict the EPM server's outbound SMB (TCP 445) to the hosts it genuinely needs, and segment it from the rest of the network to limit lateral movement if it is compromised.
  5. Monitor System Activities: Enhance monitoring of the EPM server and of domain authentication so that exploitation attempts are detected promptly.
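Steps 3 and 5 above come down to one detection: a machine account authenticating with NTLM from an address that is not its own. Below is an added example written for this post, not a CinchOps or Ivanti tool, that runs that logic over a constructed sample of simplified Windows Security 4624 records. The record format, the host inventory and the IP addresses are assumptions; real events would be read from the domain controllers' Security logs.

```python
"""
Added example (not CinchOps or Ivanti tooling): flag NTLM network logons by a
machine account that come from an address other than that machine's own, and
pick out source addresses that authenticate as several machine accounts. A
relayed machine-account credential looks exactly like this: the EPM server's
account (EPMSRV01$) logging on to a DC from the relay host's IP.
The inventory, record format and sample events are constructed for the example.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List

# Assumed inventory: the address each machine account legitimately logs on from.
KNOWN_HOST_IPS: Dict[str, str] = {
    "EPMSRV01$": "10.0.5.10",
    "FS01$": "10.0.5.30",
}

# Constructed sample of simplified Security 4624/4625 records (one per line).
SAMPLE_EVENTS = """\
EventID=4624 LogonType=3 AuthPkg=NTLM Account=EPMSRV01$ Domain=CORP SourceIP=10.0.5.10 Target=DC01
EventID=4624 LogonType=3 AuthPkg=NTLM Account=EPMSRV01$ Domain=CORP SourceIP=10.0.9.77 Target=DC01
EventID=4624 LogonType=3 AuthPkg=Kerberos Account=jsmith Domain=CORP SourceIP=10.0.7.5 Target=FS01
EventID=4624 LogonType=3 AuthPkg=NTLM Account=FS01$ Domain=CORP SourceIP=10.0.5.30 Target=DC01
EventID=4624 LogonType=3 AuthPkg=NTLM Account=WS22$ Domain=CORP SourceIP=10.0.9.77 Target=DC01
EventID=4625 LogonType=3 AuthPkg=NTLM Account=EPMSRV01$ Domain=CORP SourceIP=10.0.9.77 Target=DC01
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


@dataclass
class Alert:
    account: str
    source_ip: str
    expected_ip: str
    target: str
    reason: str


def parse_event(line: str) -> Dict[str, str]:
    """Turn one 'key=value key=value' record into a dict."""
    return dict(FIELD_RE.findall(line))


def machine_ntlm_logons(log_text: str) -> List[Dict[str, str]]:
    """Successful (4624) network (type 3) NTLM logons by machine accounts ($)."""
    out = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if (ev.get("EventID") == "4624" and ev.get("LogonType") == "3"
                and ev.get("AuthPkg") == "NTLM" and ev.get("Account", "").endswith("$")):
            out.append(ev)
    return out


def detect_relayed_machine_logons(log_text: str, inventory: Dict[str, str]) -> List[Alert]:
    """Alert when an inventoried machine account logs on from a foreign address."""
    alerts = []
    for ev in machine_ntlm_logons(log_text):
        expected = inventory.get(ev["Account"])
        if expected is not None and ev["SourceIP"] != expected:
            alerts.append(Alert(ev["Account"], ev["SourceIP"], expected, ev["Target"],
                                "machine-account NTLM logon from foreign address (possible relay)"))
    return alerts


def sources_with_many_machine_accounts(log_text: str, threshold: int = 2) -> List[str]:
    """Addresses that authenticate as `threshold` or more distinct machine accounts.
    A single relay host reusing several coerced credentials shows up here even
    for accounts missing from the inventory."""
    seen = defaultdict(set)
    for ev in machine_ntlm_logons(log_text):
        seen[ev["SourceIP"]].add(ev["Account"])
    return sorted(ip for ip, accts in seen.items() if len(accts) >= threshold)


if __name__ == "__main__":
    for a in detect_relayed_machine_logons(SAMPLE_EVENTS, KNOWN_HOST_IPS):
        print(f"ALERT {a.account} from {a.source_ip} (expected {a.expected_ip}) "
              f"to {a.target}: {a.reason}")
    print("relay candidates:", sources_with_many_machine_accounts(SAMPLE_EVENTS))
```

The first rule needs an inventory and catches the EPM server's account specifically; the second needs none and catches the relay host by behaviour, so together they cover both the known asset and the unknown attacker address.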

Federal Civilian Executive Branch (FCEB) agencies are required to address these flaws by March 31, 2025, in accordance with Binding Operational Directive (BOD) 22-01. While this directive specifically applies to federal agencies, CISA strongly urges all organizations to prioritize remediation of these vulnerabilities.

  How CinchOps Can Assist

Addressing critical vulnerabilities like those affecting Ivanti EPM can be challenging, especially for organizations with limited security resources. CinchOps offers comprehensive support to help protect your systems:

  1. Vulnerability Assessment and Patching: Our security experts can help identify vulnerable systems and implement patches efficiently, minimizing disruption to your operations.
  2. Incident Response: If your systems have already been compromised, CinchOps can provide rapid incident response services to contain the threat and restore security.
  3. Security Monitoring: We offer continuous monitoring solutions to detect exploitation attempts and suspicious activities related to these and other vulnerabilities.
  4. Network Segmentation Implementation: Our team can help design and implement effective network segmentation strategies to limit the impact of potential breaches.
  5. Security Posture Enhancement: CinchOps provides comprehensive security assessments and recommendations to strengthen your overall security posture against current and future threats.

Discover more about our enterprise-grade cybersecurity services on our Cybersecurity page.

Remember, in the world of cybersecurity, proactive measures are always more effective and less costly than reactive responses to security incidents.
