H3-2024-0053
Ivanti Endpoint Manager Multiple NTLM Credential Coercion Vulnerabilities
| Category | VULNERABILITY |
| Base Score | 9.8 |
Description
The Ivanti Endpoint Manager server exposes an unauthenticated endpoint that performs dangerous functionality, allowing an attacker to coerce the server into reaching out to remote file servers.
Impact
An attacker who abuses this vulnerability can coerce the server into authenticating with its machine account. That authentication may be relayed to fully compromise the server or to gain access to Active Directory resources.
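
One way to look for the relay described under Impact, as an added example that is not part of the original advisory: flag NTLM network logons in which a watched machine account authenticates from an address that is not that machine's own. The event fields follow Windows Security event 4624; the account name `EPM01$`, the host names, the addresses and the `WATCHED` inventory are constructed assumptions.

```python
# Added example: detect a machine account logging on over NTLM from a host
# other than the machine itself, which is what a relayed authentication looks like.
# Field names follow Windows Security event 4624; every value below is constructed.

SAMPLE_EVENTS = [
    # Machine account over Kerberos from its own address: normal.
    {"EventID": 4624, "Computer": "DC01", "TargetUserName": "EPM01$",
     "LogonType": 3, "AuthenticationPackageName": "Kerberos", "IpAddress": "10.0.5.20"},
    # Machine account over NTLM from its own address: legacy but not a relay.
    {"EventID": 4624, "Computer": "FS01", "TargetUserName": "EPM01$",
     "LogonType": 3, "AuthenticationPackageName": "NTLM", "IpAddress": "10.0.5.20"},
    # Machine account over NTLM from a different address: consistent with a relay.
    {"EventID": 4624, "Computer": "FS02", "TargetUserName": "EPM01$",
     "LogonType": 3, "AuthenticationPackageName": "NTLM", "IpAddress": "10.0.9.77"},
    # User account over NTLM: outside the scope of this check.
    {"EventID": 4624, "Computer": "FS02", "TargetUserName": "alice",
     "LogonType": 3, "AuthenticationPackageName": "NTLM", "IpAddress": "10.0.9.77"},
    # Local logon with no source address recorded: cannot be judged, skipped.
    {"EventID": 4624, "Computer": "EPM01", "TargetUserName": "EPM01$",
     "LogonType": 3, "AuthenticationPackageName": "NTLM", "IpAddress": "-"},
]

# Hypothetical inventory: machine account -> addresses that machine really owns.
WATCHED = {"EPM01$": {"10.0.5.20"}}
LOCAL_SOURCES = {"-", "", "127.0.0.1", "::1"}


def find_relayed_machine_logons(events, watched):
    """Return 4624 network logons where a watched machine account used NTLM
    from an address that does not belong to that machine."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 4624 or ev.get("LogonType") != 3:
            continue  # only successful network logons
        account = str(ev.get("TargetUserName", "")).upper()
        if account not in watched:
            continue  # not a machine account we track
        if str(ev.get("AuthenticationPackageName", "")).upper() != "NTLM":
            continue  # relayed NTLM cannot appear as Kerberos
        source = str(ev.get("IpAddress", "-"))
        if source in LOCAL_SOURCES or source in watched[account]:
            continue  # local or genuinely from the machine itself
        findings.append({"account": account, "target": ev.get("Computer"),
                         "source": source})
    return findings


if __name__ == "__main__":
    for hit in find_relayed_machine_logons(SAMPLE_EVENTS, WATCHED):
        print(f"{hit['account']} logged on to {hit['target']} via NTLM from {hit['source']}")
```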