CVE-2018-6316
First published: Thu Feb 15 2018(Updated: )
Ivanti Endpoint Security (formerly HEAT Endpoint Management and Security Suite) 8.5 Update 1 and earlier allows an authenticated user with low privileges and access to the local network to bypass application whitelisting when using the Application Control module on Ivanti Endpoint Security in lockdown mode.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ivanti Endpoint Security | <=8.5 | |
| Ivanti Endpoint Security | =8.5-update_1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-6316?
The severity of CVE-2018-6316 is classified as medium due to its potential to allow privileged access.
How do I fix CVE-2018-6316?
To mitigate CVE-2018-6316, upgrade to a version of Ivanti Endpoint Security later than 8.5 Update 1.
What types of systems are affected by CVE-2018-6316?
CVE-2018-6316 affects Ivanti Endpoint Security versions 8.5 and earlier, including the specific 8.5 Update 1.
What are the implications of CVE-2018-6316?
The implications of CVE-2018-6316 include the ability for an authenticated low-privileged user to bypass application whitelisting.
Is CVE-2018-6316 exploitable over the internet?
CVE-2018-6316 is not directly exploitable over the internet as it requires an authenticated user with local network access.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/ivanti
- canonical/ivanti endpoint security
- version/ivanti endpoint security/8.5
- version/ivanti endpoint security/8.5-update_1