CVE-2023-35081
Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability
CVSS
—
Sin CVSS
EPSS
63.3%
p99
KEV
SÍ
31 jul 2023
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
Ivanti / Endpoint Manager Mobile (EPMM)
Vulnerabilidad
Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability
Añadido a KEV
31 jul 2023
Remediar antes de
21 ago 2023
Uso conocido en ransomware
No
Descripción resumida
Ivanti Endpoint Manager Mobile (EPMM) contains a path traversal vulnerability that enables an authenticated administrator to perform malicious file writes to the EPMM server. This vulnerability can be used in conjunction with CVE-2023-35078 to bypass authentication and ACLs restrictions (if applicable).
Acción requerida
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notas
https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US; https://nvd.nist.gov/vuln/detail/CVE-2023-35081