← back
CVE-2023-46808

CVE-2023-46808

CVSS 9.9 CRITICALEPSS 2.0%CWE-434
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.9EPSS 2.0%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
31 Mar 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of non-root user.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected products
Ivanti · ITSM

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://forums.ivanti.com/s/article/SA-CVE-2023-46808-Authenticated-Remote-File-Write-for-Ivanti-Neurons-for-ITSM