CVE-2020-12441

moderate-risk
Published 2020-08-06

Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote Control 7.4 due to a buffer overflow in the protocol parser of the ‘HEATRemoteService’ agent. The DoS can be triggered by sending a specially crafted network packet.

Do I need to act?

~
8.7% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (2)

Desktop\&Server Management
Service Manager Heat Remote Control

Affected Vendors

Ivanti

References (4)

Release Notes https://forums.ivanti.com/s/article/Release-Notes-for-DSM-2020-1
Third Party Advisory https://insinuator.net/2020/06/security-advisories-for-ivanti-dsm-suite/
Release Notes https://forums.ivanti.com/s/article/Release-Notes-for-DSM-2020-1
Third Party Advisory https://insinuator.net/2020/06/security-advisories-for-ivanti-dsm-suite/
49
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 10/34 · Low
Exposure 7/34 · Low