CVE

CVE-2021-36942

2field notes · 0digests

Field notes

Analysis · May 20, 2026 · operations-desk
Ivanti Endpoint Manager: the management server that can be coerced into handing over credentials
CVE-2024-13159, 13160, and 13161 are path-traversal/credential-coercion flaws in Ivanti Endpoint Manager that let an attacker make the EPM server authenticate to them and relay it. It's another Ivanti product, and another privileged management server worth defending as tier-zero.
Analysis · May 20, 2026 · analysis-desk
PetitPotam: make a domain controller authenticate to you, relay it, own the domain
CVE-2021-36942 lets an attacker coerce a Windows machine, including a domain controller, into authenticating to them. Relay that to Active Directory Certificate Services and you can mint a certificate as the DC. It's an Active Directory configuration problem as much as a patch.