CVE-2024-13167

7.5 HIGH

📋 TL;DR

An out-of-bounds write vulnerability in Ivanti Endpoint Manager (EPM) allows remote unauthenticated attackers to cause denial of service by crashing the service. This affects Ivanti EPM 2024 versions before the January-2025 security update and 2022 SU6 versions before the January-2025 security update. Organizations using these vulnerable Ivanti EPM versions are at risk.

💻 Affected Systems

Products:
  • Ivanti Endpoint Manager (EPM)
Versions: EPM 2024 versions before January-2025 Security Update, EPM 2022 SU6 versions before January-2025 Security Update
Operating Systems: Windows Server (EPM server components)
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected versions are vulnerable. The vulnerability affects the EPM server/service components.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service disruption of Ivanti EPM management capabilities, potentially affecting endpoint management across the organization.

🟠 Likely Case

Service crashes leading to temporary loss of endpoint management functionality until service restart.

🟢 If Mitigated

Minimal impact with proper network segmentation and access controls limiting exposure.

🌐 Internet-Facing: HIGH - Remote unauthenticated exploitation allows attackers to target exposed systems without credentials.
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could exploit this, but requires network access to EPM services.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

The vulnerability requires crafting specific network requests to trigger the out-of-bounds write condition. No authentication is required for exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: EPM 2024 January-2025 Security Update, EPM 2022 SU6 January-2025 Security Update

Vendor Advisory: https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6

Restart Required: Yes

Instructions:

1. Download the appropriate security update from Ivanti's support portal.
2. Apply the update to all affected EPM servers.
3. Restart EPM services.
4. Verify successful update installation.

🔧 Temporary Workarounds

Network Segmentation (platform: all)

Restrict network access to EPM servers to only trusted management networks.

Configure firewall rules to block external access to EPM ports (typically 80/443 and management ports).

Service Monitoring (platform: windows)

Implement monitoring and automatic restart for EPM services.

Configure service monitoring tools to detect and restart EPM services if they crash.

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure to EPM servers
  • Deploy additional monitoring and alerting for EPM service crashes

🔍 How to Verify

Check if Vulnerable:

Check EPM version in Ivanti EPM console or via registry: HKEY_LOCAL_MACHINE\SOFTWARE\LANDesk\ManagementSuite\Version

Check Version:

reg query "HKLM\SOFTWARE\LANDesk\ManagementSuite" /v Version

Verify Fix Applied:

Verify installed version matches or exceeds the January-2025 security update version

📡 Detection & Monitoring

Log Indicators:

  • EPM service crash events in Windows Event Logs
  • Unexpected service termination logs

Network Indicators:

  • Unusual network traffic patterns to EPM ports from untrusted sources

SIEM Query:

(EventID=7034 OR EventID=1000) AND Source="Ivanti EPM Service"
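
A host-side triage script covering the version check and the crash indicators above, as an added example (not from Ivanti or from this page's source). The `-FixedVersion` value is a placeholder to be taken from the vendor advisory, since this page does not state the build number, and the `Ivanti|LANDesk` name pattern is an assumption about how EPM services appear in event messages.

```powershell
# Added example: triage one EPM server for CVE-2024-13167 exposure and crash activity.
param(
    # Build number of the January-2025 Security Update. Not stated on this page;
    # take it from the vendor advisory. Left empty, the script only reports the version.
    [string]$FixedVersion = '',
    # Assumption: EPM service and module names contain one of these strings.
    [string]$NamePattern = 'Ivanti|LANDesk',
    [int]$Days = 7
)

$key = 'HKLM:\SOFTWARE\LANDesk\ManagementSuite'   # registry path given on this page
$installed = (Get-ItemProperty -Path $key -Name Version -ErrorAction SilentlyContinue).Version
if (-not $installed) {
    Write-Output "No Version value under $key; EPM server components not found."
} else {
    Write-Output "Installed EPM version: $installed"
    $have = $null; $want = $null
    if ($FixedVersion -and [version]::TryParse($installed, [ref]$have) -and
        [version]::TryParse($FixedVersion, [ref]$want)) {
        if ($have -ge $want) { Write-Output 'Status: at or above the fixed build.' }
        else { Write-Output "Status: VULNERABLE (below $FixedVersion)." }
    } else {
        Write-Output 'Status: not compared; supply -FixedVersion in a.b.c.d form.'
    }
}

# Crash indicators: 7034 = service terminated unexpectedly (System log),
# 1000 = application crash (Application log).
$since = (Get-Date).AddDays(-$Days)
$filters = @(
    @{ LogName = 'System';      Id = 7034; StartTime = $since },
    @{ LogName = 'Application'; Id = 1000; StartTime = $since }
)
$crashes = foreach ($f in $filters) {
    # Get-WinEvent raises an error when nothing matches, so suppress it.
    Get-WinEvent -FilterHashtable $f -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match $NamePattern }
}
if ($crashes) {
    $crashes | Sort-Object TimeCreated |
        Select-Object TimeCreated, Id, ProviderName, Message | Format-List
    Write-Output "$(@($crashes).Count) matching crash event(s) in the last $Days day(s)."
} else {
    Write-Output "No matching crash events in the last $Days day(s)."
}
```

Repeated crash events on a server that is still below the fixed build are a reason to prioritise the patch and review which networks can reach the EPM ports.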
