CVE-2024-7612

Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to modify sensitive application components.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.0 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2024-7612	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ivanti:endpoint_manager_mobile::::::::
	cpe:2.3:a:ivanti:endpoint_manager_mobile::::::::

History

18 Dec 2024, 18:27

Type	Values Removed	Values Added
CPE		cpe:2.3:a:ivanti:endpoint_manager_mobile::::::::
References	~~() https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2024-7612 -~~	() https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2024-7612 - Vendor Advisory
First Time		Ivanti endpoint Manager Mobile Ivanti

Information

Published : 2024-10-08 17:15

Updated : 2024-12-18 18:27

NVD link : CVE-2024-7612

Mitre link : CVE-2024-7612

CVE.ORG link : CVE-2024-7612

JSON object : View

Products Affected

ivanti

endpoint_manager_mobile

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

{"id": "CVE-2024-7612", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.0}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-10-08T17:15:55.870", "references": [{"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2024-7612", "tags": ["Vendor Advisory"], "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "description": [{"lang": "en", "value": "CWE-732"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to modify sensitive application components."}, {"lang": "es", "value": "Los permisos inseguros en Ivanti EPMM anterior a 12.1.0.4 permiten que un atacante autenticado local acceda o modifique archivos de configuraci\u00f3n confidenciales sin la autorizaci\u00f3n adecuada."}], "lastModified": "2024-12-18T18:27:42.383", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B631B10F-38DB-496A-B9D4-7C0F45D86AEB", "versionEndExcluding": "12.0.0.5"}, {"criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F7BA3DC-9A9D-4033-BFD0-F35E46695489", "versionEndExcluding": "12.1.0.4", "versionStartIncluding": "12.1.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75"}