CVE-2023-35081 - Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability
CVE-2023-35081
Ivanti | Endpoint Manager Mobile (EPMM)
- Date Added:
- 2023-07-31
- Due Date:
- 2023-08-21
- Vulnerability Name
Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability
- Description
Ivanti Endpoint Manager Mobile (EPMM) contains a path traversal vulnerability that enables an authenticated administrator to perform malicious file writes to the EPMM server. This vulnerability can be used in conjunction with CVE-2023-35078 to bypass authentication and ACLs restrictions (if applicable).
- Known To Be Used in Ransomware Campaigns?
Unknown
- Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Additional Notes
- https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US; https://nvd.nist.gov/vuln/detail/CVE-2023-35081
Free security scan for your website