CVE-2023-35081 - Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability

Vulnerability Name

Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability

Description

Ivanti Endpoint Manager Mobile (EPMM) contains a path traversal vulnerability that enables an authenticated administrator to perform malicious file writes to the EPMM server. This vulnerability can be used in conjunction with CVE-2023-35078 to bypass authentication and ACLs restrictions (if applicable).

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US

https://nvd.nist.gov/vuln/detail/CVE-2023-35081