Vulnerability Details : CVE-2023-35081
A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.
Vulnerability category: Directory traversal
CVE-2023-35081 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability
CISA required action:
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
CISA description:
Ivanti Endpoint Manager Mobile (EPMM) contains a path traversal vulnerability that enables an authenticated administrator to perform malicious file writes to the EPMM server. This vulnerability can be used in conjunction with CVE-2023-35078 to bypass authentication and ACLs restrictions (if applicab
Notes:
https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US; https://nvd.nist.gov/vuln/detail/CVE-2023-35081
Added on
2023-07-31
Action due date
2023-08-21
Exploit prediction scoring system (EPSS) score for CVE-2023-35081
79.55%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less