Security News > 2025 > February > PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159)
2025-02-24 14:11
A proof-of-concept (PoC) exploit for four critical Ivanti Endpoint Manager vulnerabilities has been released by Horizon3.ai researchers. The vulnerabilities – CVE-2024-10811, CVE-2024-13161, CVE-2024-13160 and CVE-2024-13159 – may be exploited by remote, unauthenticated attackers to leverage Ivanti EPM machine account credentials for relay attacks and, ultimately, to compromise the Ivanti EPM server. “Compromising the Endpoint Manager server itself would lead to the ability to compromise all of the EPM clients, making this avenue especially impactful,” Horizon3.ai … More → The post PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159) appeared first on Help Net Security.
News URL
#CVE #endpoint #exploit #ivanti #POC #vulnerabilities #CVE-2024-10811 #CVE-2024-13160 #CVE-2024-13159 #CVE-2024-13161
Related news
- LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers (source)
- Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282) (source)
- Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure (source)
- Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282) (source)
- Zero-day exploits plague Ivanti Connect Secure appliances for second year running (source)
- Nominet probes network intrusion linked to Ivanti zero-day exploit (source)
- Researcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint Manager (source)
- Cisco warns of denial of service flaw with PoC exploit code (source)
- New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks (source)
- Cybercrime gang exploited VeraCore zero-day vulnerabilities for years (CVE-2025-25181, CVE-2024-57968) (source)