CVE-2024-13170

7.5 HIGH

📋 TL;DR

This vulnerability allows remote unauthenticated attackers to cause denial of service through an out-of-bounds write in Ivanti EPM. It affects Ivanti EPM 2024 versions before the January-2025 security update and EPM 2022 SU6 versions before the January-2025 security update. Organizations using these vulnerable versions are at risk.

💻 Affected Systems

Products:
  • Ivanti Endpoint Manager (EPM)
Versions: EPM 2024 versions before January-2025 Security Update, EPM 2022 SU6 versions before January-2025 Security Update
Operating Systems: Windows Server (EPM server components)
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected versions are vulnerable. The vulnerability exists in the core EPM service.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system crash or service disruption leading to extended downtime of Ivanti EPM services

🟠 Likely Case: Service disruption affecting endpoint management capabilities until system restart

🟢 If Mitigated: Minimal impact with proper network segmentation and access controls limiting exposure

🌐 Internet-Facing: HIGH - Remote unauthenticated exploitation allows attackers to disrupt services without credentials
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could still exploit this vulnerability

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

The vulnerability requires crafting specific network requests to trigger the out-of-bounds write condition. No authentication is required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: January-2025 Security Update for EPM 2024; January-2025 Security Update for EPM 2022 SU6

Vendor Advisory: https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6

Restart Required: Yes

Instructions:

1. Download the appropriate security update from Ivanti's support portal.
2. Apply the update following Ivanti's installation documentation.
3. Restart the EPM services or server as required.

🔧 Temporary Workarounds

  • Network Access Restriction: Restrict network access to Ivanti EPM services to trusted IP addresses only
  • Service Isolation: Place EPM servers in isolated network segments with strict firewall rules

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit access to EPM services
  • Monitor EPM service health and logs for signs of exploitation or service disruption

🔍 How to Verify

Check if Vulnerable:

Check EPM version in Ivanti EPM console or via registry: HKEY_LOCAL_MACHINE\SOFTWARE\LANDesk\ManagementSuite\Version

Check Version:

reg query "HKLM\SOFTWARE\LANDesk\ManagementSuite" /v Version

Verify Fix Applied:

Verify installed version matches or exceeds the January-2025 security update version

📡 Detection & Monitoring

Log Indicators:

  • Unexpected service crashes in Windows Event Logs
  • EPM service termination events
  • High volume of malformed requests to EPM ports

Network Indicators:

  • Unusual traffic patterns to EPM service ports (default 80/443, 8443)
  • Requests with malformed payloads to EPM endpoints

SIEM Query:

source="windows" AND (event_id=7034 OR event_id=1000) AND (process_name="*epm*" OR service_name="*epm*")
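
The crash indicators above can be checked offline against exported events. This is an added example, not Ivanti's tooling or code from this page: the field names follow the SIEM query, the sample events and service names are constructed, and `loose` assumes an engine where AND binds tighter than OR, which shows why the name test needs its own parentheses.

```python
import json
from datetime import datetime, timedelta
from fnmatch import fnmatch

# Constructed events; field names mirror the page's SIEM query, values are made up.
SAMPLE = """
{"time":"2025-01-20T10:00:05","source":"windows","event_id":7034,"service_name":"ExampleEpmCore","process_name":""}
{"time":"2025-01-20T10:03:40","source":"windows","event_id":1000,"service_name":"","process_name":"example_epm_core.exe"}
{"time":"2025-01-20T10:07:12","source":"windows","event_id":7034,"service_name":"ExampleEpmCore","process_name":""}
{"time":"2025-01-20T10:30:00","source":"windows","event_id":7036,"service_name":"ExampleEpmCore","process_name":""}
{"time":"2025-01-20T11:00:00","source":"linux","event_id":0,"service_name":"epm-proxy","process_name":""}
{"time":"2025-01-21T02:15:00","source":"windows","event_id":7034,"service_name":"ExampleEpmCore","process_name":""}
{"time":"2025-01-21T03:00:00","source":"windows","event_id":7034,"service_name":"Spooler","process_name":""}
"""

CRASH_IDS = {7034, 1000}  # service terminated unexpectedly / application error

def load(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def name_hit(ev, key):
    return fnmatch(ev.get(key, "").lower(), "*epm*")

def strict(ev):
    # source AND (ids) AND (process OR service): the name test is grouped.
    return (ev["source"] == "windows" and ev["event_id"] in CRASH_IDS
            and (name_hit(ev, "process_name") or name_hit(ev, "service_name")))

def loose(ev):
    # Same terms without grouping: the service_name test escapes every other filter.
    return (ev["source"] == "windows" and ev["event_id"] in CRASH_IDS
            and name_hit(ev, "process_name")) or name_hit(ev, "service_name")

def crash_bursts(events, window=timedelta(minutes=10), threshold=3):
    """Return (first_crash_time, count) for each run of >= threshold crashes inside window."""
    times = sorted(datetime.fromisoformat(e["time"]) for e in events if strict(e))
    bursts, i = [], 0
    while i < len(times):
        j = i
        while j + 1 < len(times) and times[j + 1] - times[i] <= window:
            j += 1
        if j - i + 1 >= threshold:
            bursts.append((times[i], j - i + 1))
        i = j + 1
    return bursts

if __name__ == "__main__":
    evs = load(SAMPLE)
    print(sum(map(strict, evs)), sum(map(loose, evs)), crash_bursts(evs))
```

A single crash can be an ordinary fault; repeated crashes of the same service inside a short window are the pattern worth alerting on, so tune `window` and `threshold` to the service's normal restart behaviour.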
