CVE-2023-35081
In short
An authenticated administrator can bypass file system restrictions in Ivanti EPMM and write files anywhere on the system. This allows them to place malicious files or modify critical system files, potentially taking complete control of the device.
Technical detail
Path traversal vulnerability in Ivanti EPMM (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2, 11.8.x < 11.8.1.2) permits authenticated administrators to write arbitrary files to the appliance via improper input validation on file path parameters. Exploitation requires valid administrator credentials and results in unauthorized file creation/modification with system privileges.
Summary generated and translated by AI from the official description.
A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
Ivanti · EPMM