CVE-2024-10811 is an absolute path traversal vulnerability (CWE-36) affecting Ivanti Endpoint Manager versions released before the 2024 January-2025 Security Update and the 2022 SU6 January-2025 Security Update. The vulnerability arises because the software improperly validates user-supplied file paths, allowing an attacker to specify absolute paths to files outside the intended directory scope. This lack of proper sanitization enables remote, unauthenticated attackers to read arbitrary files on the server hosting the Endpoint Manager, potentially exposing sensitive configuration files, credentials, or other confidential data. The vulnerability is exploitable remotely without authentication or user interaction, increasing its threat level. The CVSS 3.1 base score of 9.8 indicates critical severity, with network attack vector, low attack complexity, no privileges required, and no user interaction needed. The impact includes full compromise of confidentiality, integrity, and availability of the affected system. Ivanti has published security updates to remediate this issue, but no public exploit code or active exploitation has been reported to date. Organizations relying on Ivanti Endpoint Manager for endpoint management should urgently assess their exposure and apply patches to mitigate this critical vulnerability.

The impact of CVE-2024-10811 is severe for organizations globally that use Ivanti Endpoint Manager. Exploitation allows attackers to read arbitrary files remotely without authentication, potentially exposing sensitive information such as credentials, configuration files, or proprietary data. This can lead to further compromise, including privilege escalation, lateral movement, or disruption of endpoint management operations. The vulnerability affects confidentiality, integrity, and availability, as attackers could manipulate or delete critical files after gaining access. Enterprises relying on Ivanti Endpoint Manager for managing large fleets of endpoints, especially in sectors like finance, healthcare, government, and critical infrastructure, face heightened risk. The ease of exploitation and critical severity score mean that threat actors could weaponize this vulnerability rapidly once exploit code becomes available, leading to widespread attacks and data breaches.

Organizations should immediately verify their Ivanti Endpoint Manager version and apply the 2024 January-2025 Security Update or the 2022 SU6 January-2025 Security Update provided by Ivanti. Until patches are applied, restrict network access to the Endpoint Manager interface to trusted IPs only, using firewalls or network segmentation to reduce exposure. Monitor logs for unusual file access patterns or attempts to exploit path traversal. Employ intrusion detection/prevention systems (IDS/IPS) with signatures for path traversal attacks. Conduct thorough audits of sensitive files on the Endpoint Manager server to identify any unauthorized access. Educate security teams about this vulnerability and prepare incident response plans in case of exploitation. Regularly update and patch endpoint management software to prevent exploitation of known vulnerabilities. Consider implementing application-layer controls that validate and sanitize file path inputs if custom integrations exist.