CVE-2024-13164

7.8 HIGH

📋 TL;DR

An uninitialized resource vulnerability in Ivanti Endpoint Manager (EPM) allows local authenticated attackers to escalate privileges. This affects Ivanti EPM 2024 and 2022 SU6 versions before the January 2025 security updates. Attackers must already have local authenticated access to exploit this vulnerability.

💻 Affected Systems

Products:
  • Ivanti Endpoint Manager
Versions: EPM 2024 versions before January 2025 Security Update, EPM 2022 SU6 versions before January 2025 Security Update
Operating Systems: Windows (EPM server platforms)
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected versions are vulnerable. Requires local authenticated access to exploit.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

A local authenticated attacker gains full administrative privileges on the system, potentially compromising the entire EPM environment and connected endpoints.

🟠

Likely Case

A malicious insider or compromised account escalates privileges to install malware, exfiltrate data, or maintain persistence on the system.

🟢

If Mitigated

With proper access controls and monitoring, exploitation would be detected and contained before significant damage occurs.

🌐 Internet-Facing: LOW - This requires local authenticated access, not remote exploitation.
🏢 Internal Only: HIGH - Local authenticated attackers (including compromised accounts) can exploit this to gain elevated privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local authenticated access and understanding of the uninitialized resource. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: EPM 2024 January 2025 Security Update, EPM 2022 SU6 January 2025 Security Update

Vendor Advisory: https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6

Restart Required: No

Instructions:

1. Download the appropriate security update from the Ivanti support portal.
2. Apply the update to all affected EPM servers.
3. Verify the update was successful by checking the version.

🔧 Temporary Workarounds

Restrict Local Access


Limit local authenticated access to EPM servers to only necessary administrative personnel.

🧯 If You Can't Patch

  • Implement strict least privilege access controls for all local accounts on EPM servers
  • Enable detailed auditing and monitoring of privilege escalation attempts on EPM systems

🔍 How to Verify

Check if Vulnerable:

Check EPM version against affected versions: EPM 2024 before January 2025 Security Update or EPM 2022 SU6 before January 2025 Security Update

Check Version:

Check EPM console or server properties for version information

Verify Fix Applied:

Verify EPM version shows the January 2025 Security Update has been applied

📡 Detection & Monitoring

Log Indicators:

  • Unusual privilege escalation events
  • Multiple failed privilege escalation attempts followed by success
  • Unexpected administrative account activity

Network Indicators:

  • Unusual outbound connections from EPM server following local authentication events

SIEM Query:

source="EPM" AND (event_type="privilege_escalation" OR (user="*" AND action="elevate"))
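The SIEM query above matches individual events; the "multiple failed privilege escalation attempts followed by success" indicator from the log list needs sequence logic. The following is an added example, not part of this advisory or of any Ivanti tooling, that implements that rule over a few constructed log lines. The key=value log format, field names (host, user, event_type, action, result), the three-failure threshold and the five-minute window are all assumptions to be mapped onto what the EPM server actually logs.

```python
"""Added example (not from the advisory): detect a burst of failed
privilege escalation attempts followed by a success, per host and user.
The log format, field names and thresholds below are constructed
assumptions, not Ivanti EPM's real log schema."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in an assumed key=value format.
SAMPLE_LOG = """\
2025-01-15T10:00:01Z host=epm01 user=svc_backup event_type=privilege_escalation action=elevate result=failure
2025-01-15T10:00:05Z host=epm01 user=svc_backup event_type=privilege_escalation action=elevate result=failure
2025-01-15T10:00:09Z host=epm01 user=svc_backup event_type=privilege_escalation action=elevate result=failure
2025-01-15T10:00:12Z host=epm01 user=svc_backup event_type=privilege_escalation action=elevate result=success
2025-01-15T10:05:00Z host=epm01 user=admin event_type=logon action=interactive result=success
2025-01-15T11:00:00Z host=epm02 user=jdoe event_type=privilege_escalation action=elevate result=failure
2025-01-15T11:30:00Z host=epm02 user=jdoe event_type=privilege_escalation action=elevate result=success
"""


def parse_line(line):
    """Split 'timestamp k=v k=v ...' into a dict with a parsed 'ts' field."""
    ts, _, rest = line.partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return fields


def find_escalation_bursts(lines, min_failures=3, window=timedelta(minutes=5)):
    """Return (host, user, failure_count, success_ts) for every successful
    escalation preceded by at least min_failures failures inside the window."""
    recent = defaultdict(deque)  # (host, user) -> timestamps of recent failures
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = parse_line(line)
        if ev.get("event_type") != "privilege_escalation":
            continue
        key = (ev["host"], ev["user"])
        q = recent[key]
        # Drop failures that fell out of the sliding window.
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if ev["result"] == "failure":
            q.append(ev["ts"])
        elif ev["result"] == "success":
            if len(q) >= min_failures:
                alerts.append((key[0], key[1], len(q), ev["ts"]))
            q.clear()  # a success resets the burst for this host/user
    return alerts


if __name__ == "__main__":
    for host, user, n, ts in find_escalation_bursts(SAMPLE_LOG.splitlines()):
        print(f"ALERT {ts:%Y-%m-%dT%H:%M:%SZ} {host} user={user}: "
              f"{n} failed elevations then success")
```

On the constructed sample this flags only svc_backup on epm01 (three failures in eleven seconds, then success); jdoe's single failure half an hour before a success stays below both the count threshold and the window, which is the kind of tuning a SOC would adjust per environment.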

🔗 References
