#Ivanti Releases #Security Updates for #EPMM to address CVE-2023-35081

Read Time47 Second

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

07/28/2023 08:00 AM EDT

Ivanti has identified and released patches for a directory traversal vulnerability (CVE-2023-35081CWE-22) in Ivanti Endpoint Manager Mobile (EPMM). This vulnerability allows an attacker with EPMM administrator privileges to write arbitrary files with the operating system privileges of the EPMM web application server. The attacker could then execute the uploaded file, for example, a web shell. To gain EPMM administrator privileges, the attacker could exploit CVE-2023-35078 on an unpatched system.

Ivanti reports active exploitation of both CVE-2023-35081 and CVE-2023-35078.

This vulnerability affects supported EPMM versions 11.10, 11.9, and 11.8. Older, unsupported versions are also affected.

CISA urges users and organizations to patch both CVE-2023-35081 and CVE-2023-35078. Patches for CVE-2023-35081 also include patches for CVE-2023-35078 (refer to our prior alert.)

About Post Author

Robert Williams

Robert Williams Editor in Chief News247Worldpress Justice News247

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from #News247WorldPress

Subscribe now to keep reading and get access to the full archive.

Continue Reading

%d bloggers like this: