CVE-2023-35081
Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability
CVSS
—
No CVSS
EPSS
63.3%
p99
KEV
YES
Jul 31, 2023
Exploit Today
80
0-100
Published: — · Last modified: —
Product
Ivanti / Endpoint Manager Mobile (EPMM)
Vulnerability
Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability
Added to KEV
Jul 31, 2023
Remediate by
Aug 21, 2023
Known ransomware use
No
Summary description
Ivanti Endpoint Manager Mobile (EPMM) contains a path traversal vulnerability that enables an authenticated administrator to perform malicious file writes to the EPMM server. This vulnerability can be used in conjunction with CVE-2023-35078 to bypass authentication and ACLs restrictions (if applicable).
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes
https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US; https://nvd.nist.gov/vuln/detail/CVE-2023-35081