PT-2023-8010 · Ivanti · Ivanti Avalanche Enterpriseserver Service

Published: 2023-05-30 · Updated: 2024-09-05 · CVE-2023-41725

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Ivanti Avalanche EnterpriseServer Service (affected versions not specified)

Description

The issue is related to an unrestricted file upload vulnerability in the Ivanti Avalanche EnterpriseServer Service, which can be exploited to elevate privileges and execute arbitrary code in the context of SYSTEM. This vulnerability is associated with the saveConfig method of the mobile device management system.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Access Control
Unrestricted File Upload
Incorrect Privilege Assignment

Related Identifiers

BDU:2023-09125
CVE-2023-41725
ZDI-23-1800

Affected Products

Ivanti Avalanche Enterpriseserver Service