PT-2023-4188 · Ivanti · Ivanti Endpoint Manager Mobile
Published: 2023-07-28 · Updated: 2026-02-03
CVE-2023-35081
CVSS v2.0: 8.3 (High)
Vector: AV:N/AC:L/Au:M/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Ivanti Endpoint Manager Mobile (EPMM) versions 11.8.x through 11.8.1.1
Ivanti Endpoint Manager Mobile (EPMM) versions 11.9.x through 11.9.1.1
Ivanti Endpoint Manager Mobile (EPMM) versions 11.10.x through 11.10.0.2
Description
A path traversal vulnerability in Ivanti EPMM allows an authenticated administrator to write arbitrary files onto the appliance. Malicious actors are exploiting this issue to obtain sensitive information and execute OS commands. The underlying weakness is improper limitation of a pathname to a restricted directory.
Recommendations
For Ivanti Endpoint Manager Mobile (EPMM) versions 11.8.x through 11.8.1.1, update to version 11.8.1.2 or later.
For Ivanti Endpoint Manager Mobile (EPMM) versions 11.9.x through 11.9.1.1, update to version 11.9.1.2 or later.
For Ivanti Endpoint Manager Mobile (EPMM) versions 11.10.x through 11.10.0.2, update to version 11.10.0.3 or later.
Fix
RCE
Path traversal
Affected Products
Ivanti Endpoint Manager Mobile