Ivanti has identified and released patches for a directory traversal vulnerability (CVE-2023-35081, CWE-22) in Ivanti Endpoint Manager Mobile (EPMM). This vulnerability allows an attacker with EPMM administrator privileges to write arbitrary files with the operating system privileges of the EPMM web application server. The attacker could then execute the uploaded file, for example, a web shell. To gain EPMM administrator privileges, the attacker could exploit CVE-2023-35078 on an unpatched system.
Ivanti reports active exploitation of both CVE-2023-35081 and CVE-2023-35078.
This vulnerability affects supported EPMM versions 11.10, 11.9, and 11.8. Older, unsupported versions are also affected.
CISA urges users and organizations to patch both CVE-2023-35081 and CVE-2023-35078. Patches for CVE-2023-35081 also include patches for CVE-2023-35078 (refer to our prior alert.)