CNNVD-202511-1186 Information
CNNVD ID
CNNVD-202511-1186
Related CVE
- CNNVD Published: 2025-11-11
Description (Chinese)
Ivanti Endpoint Manager(EPM)是美国Ivanti公司的一套端点安全管理器。 Ivanti Endpoint Manager 2024 SU4之前版本存在安全漏洞,该漏洞源于代理默认权限不安全,可能导致本地认证攻击者任意写入磁盘文件。
Description (English)
Ivanti Endpoint Manager (EPM) is an end-point security manager for Ivanti USA. The previous version of Ivanti Endpoint Manager 2024 SU4 had a security loophole, which stemmed from the insecurity of proxy defaults, which could lead to local authentication of the assailants writing randomly on disk files.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Ivanti
Published
2025-11-11
Last Modified
2026-02-24
References
https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2025-for-EPM-2024?language=en_US https://vigilance.fr/vulnerability/Ivanti-Endpoint-Manager-file-write-via-Agent-Default-Permissions-48710
Patch
https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2025-for-EPM-2024?language=en_US
Share on: