CVE-2024-7572 in Desktop and Server Management

Summary

by MITRE • 12/10/2024

Insufficient permissions in Ivanti DSM before version 2024.3.5740 allows a local authenticated attacker to delete arbitrary files.

Analysis

by VulDB Data Team • 03/02/2026

The vulnerability identified as CVE-2024-7572 represents a critical permission flaw within Ivanti DSM (Desktop and Server Management) software prior to version 2024.3.5740. This issue stems from inadequate access controls that permit local authenticated users to execute unauthorized file deletion operations. The flaw exists in the permission model implementation where proper authorization checks are either missing or insufficiently enforced, allowing attackers who have already established local authentication to escalate their privileges to perform destructive file operations. The vulnerability affects the core file management subsystem of the DSM platform, which is designed to manage and monitor enterprise systems through centralized dynamic system management capabilities. This permission bypass allows an attacker to target any file within the system's file hierarchy without proper authorization, creating a significant risk for data integrity and system availability.

The technical root cause of this vulnerability aligns with CWE-284, which describes improper access control mechanisms in software systems. This weakness manifests when an application fails to properly enforce access restrictions, allowing unauthorized users to perform operations they should not be permitted to execute. The flaw specifically impacts the file system access controls within Ivanti DSM, where local authentication does not adequately translate to appropriate authorization levels for file manipulation operations. Attackers exploiting this vulnerability can leverage their authenticated local session to delete critical system files, configuration files, or user data without proper administrative oversight. The implementation appears to lack proper privilege separation between authenticated users and system administrators, creating a scenario where local access can be weaponized to compromise system integrity and potentially disrupt business operations.

The operational impact of CVE-2024-7572 extends beyond simple file deletion capabilities, as it represents a fundamental breakdown in the security architecture of the Ivanti DSM platform. Local authenticated attackers can exploit this vulnerability to cause significant disruption to enterprise operations, potentially leading to complete system compromise or service degradation. The attack surface is particularly concerning because it requires minimal prerequisites: only local authenticated access to the system. This vulnerability can be leveraged by malicious insiders or attackers who have gained local access through other means to cause data loss, system instability, or facilitate further attacks. The impact is exacerbated by the fact that the affected system manages dynamic system operations, meaning that deleting critical files could lead to complete service outages or compromise the integrity of enterprise monitoring and management functions. Organizations relying on Ivanti DSM for system administration and monitoring face potential operational disruption and security breaches.

Organizations should immediately implement mitigations by upgrading to Ivanti DSM version 2024.3.5740 or later, which contains the necessary patches to address the insufficient permissions issue. System administrators should also conduct thorough access control reviews to ensure that local authentication does not automatically grant excessive privileges for file operations. The mitigation strategy should include applying the principle of least privilege to all local accounts, monitoring file deletion activities, and establishing proper audit trails for file system operations. Security teams should consider implementing additional controls such as file integrity monitoring solutions and privileged access management systems to detect and prevent unauthorized file deletion activities. The vulnerability also highlights the importance of regular security assessments and patch management processes, as this issue could have been prevented through timely updates and proper security testing. Organizations should also consider implementing network segmentation and access controls to limit local authentication access to only necessary personnel and systems, reducing the potential impact of such vulnerabilities.

Responsible: Ivanti
Reservation: 08/06/2024
Disclosure: 12/10/2024
Moderation: accepted
CPE: ready
EPSS: 0.00202
KEV: no
Activities: very low
