Vulnerability Details : CVE-2020-13774
An unrestricted file-upload vulnerability in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious .aspx file. The root cause is insufficient validation of the uploaded file's extension combined with insecure file operations on the uploaded image: when processing of the image fails, the temporarily created files are left behind in a location reachable through the web server, where an uploaded .aspx file can then be requested and executed.
Vulnerability category: Execute code
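The description above names two defects: the extension check can be bypassed, and a failed image operation leaves the scratch file in a web-served directory. The following is an added example of the hardened pattern, written for this page and not code from Ivanti or from the advisory: an allow-list on the last extension, a content-signature check so that ASPX source cannot pass as an image, processing in a scratch directory that the web server does not serve, a server-generated name on publish, and unconditional cleanup of the scratch copy. The sample PNG and ASPX bytes, the `process` callback and the directory layout are constructed assumptions.

```python
"""Hardened image-upload handling (added example, not Ivanti's code)."""
import os
import pathlib
import secrets
import tempfile

# Extension allow-list and the magic bytes each format must start with.
# A real handler would also decode the image with a proper library; the
# signature check alone is the minimum that stops "shell.aspx.png" made of
# ASPX source from being accepted.
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

# Constructed sample inputs for the demo below.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE_ASPX = b'<%@ Page Language="C#" %><% /* constructed payload */ %>'


class UploadRejected(ValueError):
    """Raised when an upload fails validation."""


def validate_image(filename: str, data: bytes) -> str:
    """Return the allow-listed extension for this upload, or raise.

    Only the basename and its last suffix are considered, so traversal
    prefixes and double extensions do not help the uploader; the bytes must
    then carry that format's signature.
    """
    base = os.path.basename(filename.replace("\\", "/"))
    ext = pathlib.PurePosixPath(base).suffix.lower()
    if ext not in ALLOWED:
        raise UploadRejected(f"extension {ext!r} is not an allowed image type")
    if not any(data.startswith(sig) for sig in ALLOWED[ext]):
        raise UploadRejected(f"content does not match the {ext} signature")
    return ext


def store_image(filename, data, scratch_dir, dest_dir, process):
    """Validate, process in scratch_dir, then publish into dest_dir.

    scratch_dir must lie outside the web root. `process` is the caller's
    image step (resize, re-encode); it receives the scratch path and returns
    the bytes to publish. Whether it succeeds or raises, the scratch file is
    removed, which closes the failure-path gap the advisory describes. The
    published name is generated server-side, never taken from the client.
    """
    ext = validate_image(filename, data)
    fd, scratch_path = tempfile.mkstemp(suffix=ext, dir=scratch_dir)
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        processed = process(scratch_path)
        final = os.path.join(dest_dir, secrets.token_hex(16) + ext)
        with open(final, "wb") as out:
            out.write(processed)
        return final
    finally:
        # Runs on success and on failure alike.
        if os.path.exists(scratch_path):
            os.unlink(scratch_path)


def _passthrough(path):
    with open(path, "rb") as fh:
        return fh.read()


def _failing(path):
    raise RuntimeError("image processing failed")


def demo():
    """Run the handler over constructed inputs and return the outcomes."""
    scratch, dest = tempfile.mkdtemp(), tempfile.mkdtemp()
    results = {}
    for name, data in [("logo.PNG", SAMPLE_PNG), ("shell.aspx", SAMPLE_ASPX),
                       ("shell.aspx.png", SAMPLE_ASPX),
                       ("..\\..\\shell.aspx", SAMPLE_ASPX)]:
        try:
            results[name] = validate_image(name, data)
        except UploadRejected:
            results[name] = "rejected"
    try:
        store_image("logo.png", SAMPLE_PNG, scratch, dest, _failing)
    except RuntimeError:
        pass
    results["leftover_after_failure"] = len(os.listdir(scratch)) + len(os.listdir(dest))
    final = store_image("logo.png", SAMPLE_PNG, scratch, dest, _passthrough)
    results["published_ext"] = os.path.splitext(final)[1]
    results["scratch_clean"] = os.listdir(scratch) == []
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The `finally` clause is the part that matters for this CVE: the vulnerable code path only cleaned up on success, so a deliberately malformed "image" that was really ASPX source stayed on disk under the web root. Placing the scratch directory outside the served tree means that even a cleanup bug would not, on its own, yield code execution.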
Products affected by CVE-2020-13774
- cpe:2.3:a:ivanti:endpoint_manager:2019.1:*:*:*:*:*:*:*
- cpe:2.3:a:ivanti:endpoint_manager:2020.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-13774
- EPSS score: 5.94% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~90% (the proportion of vulnerabilities scored at or below this one)
CVSS scores for CVE-2020-13774
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
9.0 | HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C | 8.0 | 10.0 | NIST |
9.9 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 3.1 | 6.0 | NIST |
CWE ids for CVE-2020-13774
- CWE-434: The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-13774
- https://labs.jumpsec.com/advisory-cve-2020-13774-ivanti-uem-rce/ : Advisory CVE-2020-13774 - Ivanti Unified Endpoint Manager authenticated RCE via file upload | JUMPSEC LABS (Third Party Advisory)