CVE-2024-22058 (GCVE-0-2024-22058)
Vulnerability from cvelistv5 – Published: 2024-05-31 17:38 – Updated: 2025-03-17 15:41
VLAI
EPSS
VEX
Summary
A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute arbitrary code with elevated permissions in Ivanti EPM 2021.1 and older.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22058",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-07T16:26:52.175727Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T15:41:54.663Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.747Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forums.ivanti.com/s/article/CVE-2024-22058-Privilege-Escalation-for-Ivanti-Endpoint-Manager-EPM"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EPM",
"vendor": "Ivanti",
"versions": [
{
"lessThanOrEqual": "2021",
"status": "affected",
"version": "2021",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute arbitrary code with elevated permissions in Ivanti EPM 2021.1 and older."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-05-31T17:38:31.334Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/CVE-2024-22058-Privilege-Escalation-for-Ivanti-Endpoint-Manager-EPM"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2024-22058",
"datePublished": "2024-05-31T17:38:31.334Z",
"dateReserved": "2024-01-05T01:04:06.642Z",
"dateUpdated": "2025-03-17T15:41:54.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-22058",
"date": "2026-07-18",
"epss": "0.00379",
"percentile": "0.3018"
},
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute arbitrary code with elevated permissions in Ivanti EPM 2021.1 and older.\"}, {\"lang\": \"es\", \"value\": \"Un desbordamiento del b\\u00fafer permite que un usuario con privilegios bajos en la m\\u00e1quina local que tiene instalado el Agente EPM ejecute c\\u00f3digo arbitrario con permisos elevados en Ivanti EPM 2021.1 y versiones anteriores.\"}]",
"id": "CVE-2024-22058",
"lastModified": "2024-11-21T08:55:28.643",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"support@hackerone.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}]}",
"published": "2024-05-31T18:15:10.317",
"references": "[{\"url\": \"https://forums.ivanti.com/s/article/CVE-2024-22058-Privilege-Escalation-for-Ivanti-Endpoint-Manager-EPM\", \"source\": \"support@hackerone.com\"}, {\"url\": \"https://forums.ivanti.com/s/article/CVE-2024-22058-Privilege-Escalation-for-Ivanti-Endpoint-Manager-EPM\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Awaiting Analysis"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-22058\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2024-05-31T18:15:10.317\",\"lastModified\":\"2026-06-17T07:10:37.807\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute arbitrary code with elevated permissions in Ivanti EPM 2021.1 and older.\"},{\"lang\":\"es\",\"value\":\"Un desbordamiento del b\u00fafer permite que un usuario con privilegios bajos en la m\u00e1quina local que tiene instalado el Agente EPM ejecute c\u00f3digo arbitrario con permisos elevados en Ivanti EPM 2021.1 y versiones anteriores.\"}],\"affected\":[{\"source\":\"support@hackerone.com\",\"affectedData\":[{\"vendor\":\"Ivanti\",\"product\":\"EPM\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"2021\",\"lessThanOrEqual\":\"2021\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2024-06-07T16:26:52.175727Z\",\"id\":\"CVE-2024-22058\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2021.1\",\"matchCriteriaId\":\"11647D42-B2CC-435E-AF3C-AD9C2B6E712C\"}]}]}],\"references\":[{\"url\":\"https://forums.ivanti.com/s/article/CVE-2024-22058-Privilege-Escalation-for-Ivanti-Endpoint-Manager-EPM\",\"source\":\"support@hackerone.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://forums.ivanti.com/s/article/CVE-2024-22058-Privilege-Escalation-for-Ivanti-Endpoint-Manager-EPM\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]}]}}",
"redhat_vex": {
"current_release_date": "2025-05-28T20:27:11+00:00",
"cve": "CVE-2024-22058",
"id": "CVE-2024-22058",
"initial_release_date": "2024-01-01T00:00:00+00:00",
"product_status:known_not_affected": "1",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "CVE-2024-22058",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22058.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://forums.ivanti.com/s/article/CVE-2024-22058-Privilege-Escalation-for-Ivanti-Endpoint-Manager-EPM\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T22:35:34.747Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-22058\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-07T16:26:52.175727Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-122\", \"description\": \"CWE-122 Heap-based Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-07T16:26:59.205Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\"}}], \"affected\": [{\"vendor\": \"Ivanti\", \"product\": \"EPM\", \"versions\": [{\"status\": \"affected\", \"version\": \"2021\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"2021\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://forums.ivanti.com/s/article/CVE-2024-22058-Privilege-Escalation-for-Ivanti-Endpoint-Manager-EPM\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute arbitrary code with elevated permissions in Ivanti EPM 2021.1 and older.\"}], \"providerMetadata\": {\"orgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"shortName\": \"hackerone\", \"dateUpdated\": \"2024-05-31T17:38:31.334Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-22058\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-17T15:41:54.663Z\", \"dateReserved\": \"2024-01-05T01:04:06.642Z\", \"assignerOrgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"datePublished\": \"2024-05-31T17:38:31.334Z\", \"assignerShortName\": \"hackerone\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…