CVE-2024-22058

A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute arbitrary code with elevated permissions in Ivanti EPM 2021.1 and older.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://forums.ivanti.com/s/article/CVE-2024-22058-Privilege-Escalation-for-Ivanti-Endpoint-Manager-EPM	Permissions Required
https://forums.ivanti.com/s/article/CVE-2024-22058-Privilege-Escalation-for-Ivanti-Endpoint-Manager-EPM	Permissions Required

Configurations

Configuration 1 (hide)

cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*

History

20 Jun 2025, 17:48

Type	Values Removed	Values Added
First Time		Ivanti Ivanti endpoint Manager
References	~~() https://forums.ivanti.com/s/article/CVE-2024-22058-Privilege-Escalation-for-Ivanti-Endpoint-Manager-EPM -~~	() https://forums.ivanti.com/s/article/CVE-2024-22058-Privilege-Escalation-for-Ivanti-Endpoint-Manager-EPM - Permissions Required
First Time		Ivanti Ivanti endpoint Manager
References	~~() https://forums.ivanti.com/s/article/CVE-2024-22058-Privilege-Escalation-for-Ivanti-Endpoint-Manager-EPM -~~	() https://forums.ivanti.com/s/article/CVE-2024-22058-Privilege-Escalation-for-Ivanti-Endpoint-Manager-EPM - Permissions Required
CPE		cpe:2.3:a:ivanti:endpoint_manager::::::::
CPE		cpe:2.3:a:ivanti:endpoint_manager::::::::

17 Mar 2025, 16:15

Type	Values Removed	Values Added
CPE	cpe:2.3:a:ivanti:endpoint_manager::::::::
References	~~() https://forums.ivanti.com/s/article/CVE-2024-22058-Privilege-Escalation-for-Ivanti-Endpoint-Manager-EPM - Permissions Required~~	() https://forums.ivanti.com/s/article/CVE-2024-22058-Privilege-Escalation-for-Ivanti-Endpoint-Manager-EPM -
CWE		CWE-122

21 Nov 2024, 08:55

Type	Values Removed	Values Added
References	~~() https://forums.ivanti.com/s/article/CVE-2024-22058-Privilege-Escalation-for-Ivanti-Endpoint-Manager-EPM -~~	() https://forums.ivanti.com/s/article/CVE-2024-22058-Privilege-Escalation-for-Ivanti-Endpoint-Manager-EPM -
Summary		(es) Un desbordamiento del búfer permite que un usuario con privilegios bajos en la máquina local que tiene instalado el Agente EPM ejecute código arbitrario con permisos elevados en Ivanti EPM 2021.1 y versiones anteriores.

31 May 2024, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-31 18:15

Updated : 2025-06-20 17:48

NVD link : CVE-2024-22058

Mitre link : CVE-2024-22058

CVE.ORG link : CVE-2024-22058

JSON object : View

Products Affected

ivanti

endpoint_manager

CWE

CWE-122

Heap-based Buffer Overflow

7.8 /10