logo

CVE-2023-35081 - Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability

CVE-2023-35081

Ivanti | Endpoint Manager Mobile (EPMM)

  • Date Added:
  • 2023-07-31
  • Due Date:
  • 2023-08-21
Vulnerability Name

Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability

Description

Ivanti Endpoint Manager Mobile (EPMM) contains a path traversal vulnerability that enables an authenticated administrator to perform malicious file writes to the EPMM server. This vulnerability can be used in conjunction with CVE-2023-35078 to bypass authentication and ACLs restrictions (if applicable).

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes
https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US; https://nvd.nist.gov/vuln/detail/CVE-2023-35081

Free security scan for your website