CVE-2024-10256

Summary

Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files.

Affected Software

VendorProductVersion RangeStatus
IvantiPatch SDK9.7.703unaffected
IvantiEndpoint Manager2024 November Security Updateunaffected
IvantiEndpoint Manager2022 SU6 November Security Updateunaffected
IvantiSecurity Controls2024.4unaffected
IvantiPatch for Configuration Manager2024.4unaffected
IvantiNeurons for Patch Management2024.4unaffected
IvantiNeurons Agent Platform2024.4unaffected

Weaknesses

  • CWE-732: CWE-732 Incorrect Permission Assignment for Critical Resource

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References