Secure CI/CD Pipelines with ZTNA

Workshop

Sept 17

Register today

Try Twingate

Request a Demo

Product

Docs

Resources

Partners

Customers

Pricing

Product

Docs

Partners

Resources

Customers

Pricing

Sign in

Request Demo

Try for Free

Secure CI/CD Pipelines with ZTNA

Workshop

Sept 17

Register today

Try Twingate

Request a Demo

Product

Docs

Resources

Partners

Customers

Pricing

Secure CI/CD Pipelines with ZTNA

Workshop

Sept 17

Register

Try Twingate

Request a Demo

Product

Docs

Resources

Partners

Customers

Pricing

Blog

/

CVE-2023-35081 Report - Details, Severity, & Advisorie...

Latest

News

Insights

Tips

Tutorials

Comparisons

Glossary

Other

CVE-2023-35081 Report - Details, Severity, & Advisories

Twingate Team

Jun 13, 2024

What is CVE-2023-35081?

CVE-2023-35081 is a high-severity vulnerability in certain versions of Ivanti Endpoint Manager Mobile (EPMM). This path traversal vulnerability allows an authenticated administrator to write arbitrary files onto the affected systems, potentially leading to malicious actions. Systems running versions 11.10, 11.9, 11.8, and older are at risk. It's crucial for organizations to address this vulnerability to maintain system security.

Who is impacted by this?

Authenticated administrators using Ivanti Endpoint Manager Mobile (EPMM) versions 11.8.x, 11.9.x, 11.10.x, and older are impacted by CVE-2023-35081. This path traversal vulnerability allows them to write arbitrary files onto the affected systems, potentially leading to malicious actions. Organizations must be aware of this vulnerability to maintain system security.

What should I do if I’m affected?

If you're affected by the CVE-2023-35081 vulnerability, it's crucial to take immediate action to protect your systems. Follow these simple steps to mitigate the risk:

  1. Apply the patch provided by Ivanti to fix the problem.

  2. Read the Knowledge Base article for detailed information on accessing and applying the remediations.

  3. Update your internal vulnerability management procedures as per Binding Operational Directive 22-01.

  4. Remediate vulnerabilities according to the timelines set forth in the CISA-managed vulnerability catalog.

  5. Report on the status of vulnerabilities listed in the repository.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

Yes, CVE-2023-35081 is listed in CISA's Known Exploited Vulnerabilities Catalog. It was added on July 31, 2023, with a remediation due date of August 21, 2023. The required action is to apply mitigations per vendor instructions or discontinue the use of the product if mitigations are unavailable.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-22, which is a path traversal issue in Ivanti Endpoint Manager Mobile.

Learn More

For a comprehensive understanding of the vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

Try Twingate for Free

Request Demo

Blog

/

CVE-2023-35081 Report - Details, Severity, & Advisorie...

CVE-2023-35081 Report - Details, Severity, & Advisories

Twingate Team

Jun 13, 2024

What is CVE-2023-35081?

CVE-2023-35081 is a high-severity vulnerability in certain versions of Ivanti Endpoint Manager Mobile (EPMM). This path traversal vulnerability allows an authenticated administrator to write arbitrary files onto the affected systems, potentially leading to malicious actions. Systems running versions 11.10, 11.9, 11.8, and older are at risk. It's crucial for organizations to address this vulnerability to maintain system security.

Who is impacted by this?

Authenticated administrators using Ivanti Endpoint Manager Mobile (EPMM) versions 11.8.x, 11.9.x, 11.10.x, and older are impacted by CVE-2023-35081. This path traversal vulnerability allows them to write arbitrary files onto the affected systems, potentially leading to malicious actions. Organizations must be aware of this vulnerability to maintain system security.

What should I do if I’m affected?

If you're affected by the CVE-2023-35081 vulnerability, it's crucial to take immediate action to protect your systems. Follow these simple steps to mitigate the risk:

  1. Apply the patch provided by Ivanti to fix the problem.

  2. Read the Knowledge Base article for detailed information on accessing and applying the remediations.

  3. Update your internal vulnerability management procedures as per Binding Operational Directive 22-01.

  4. Remediate vulnerabilities according to the timelines set forth in the CISA-managed vulnerability catalog.

  5. Report on the status of vulnerabilities listed in the repository.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

Yes, CVE-2023-35081 is listed in CISA's Known Exploited Vulnerabilities Catalog. It was added on July 31, 2023, with a remediation due date of August 21, 2023. The required action is to apply mitigations per vendor instructions or discontinue the use of the product if mitigations are unavailable.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-22, which is a path traversal issue in Ivanti Endpoint Manager Mobile.

Learn More

For a comprehensive understanding of the vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

Try Twingate for Free

Request Demo

Blog

CVE-2023-35081 Report - Details, Severity, & Advisories

Twingate Team

Jun 13, 2024

What is CVE-2023-35081?

CVE-2023-35081 is a high-severity vulnerability in certain versions of Ivanti Endpoint Manager Mobile (EPMM). This path traversal vulnerability allows an authenticated administrator to write arbitrary files onto the affected systems, potentially leading to malicious actions. Systems running versions 11.10, 11.9, 11.8, and older are at risk. It's crucial for organizations to address this vulnerability to maintain system security.

Who is impacted by this?

Authenticated administrators using Ivanti Endpoint Manager Mobile (EPMM) versions 11.8.x, 11.9.x, 11.10.x, and older are impacted by CVE-2023-35081. This path traversal vulnerability allows them to write arbitrary files onto the affected systems, potentially leading to malicious actions. Organizations must be aware of this vulnerability to maintain system security.

What should I do if I’m affected?

If you're affected by the CVE-2023-35081 vulnerability, it's crucial to take immediate action to protect your systems. Follow these simple steps to mitigate the risk:

  1. Apply the patch provided by Ivanti to fix the problem.

  2. Read the Knowledge Base article for detailed information on accessing and applying the remediations.

  3. Update your internal vulnerability management procedures as per Binding Operational Directive 22-01.

  4. Remediate vulnerabilities according to the timelines set forth in the CISA-managed vulnerability catalog.

  5. Report on the status of vulnerabilities listed in the repository.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

Yes, CVE-2023-35081 is listed in CISA's Known Exploited Vulnerabilities Catalog. It was added on July 31, 2023, with a remediation due date of August 21, 2023. The required action is to apply mitigations per vendor instructions or discontinue the use of the product if mitigations are unavailable.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-22, which is a path traversal issue in Ivanti Endpoint Manager Mobile.

Learn More

For a comprehensive understanding of the vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.

Solutions

Zero Trust Access

Documentation

Quick Start

Use Cases

Architecture

API

Twingate Labs

Resources

Blog

Customers

Whitepaper

Changelog

Company

About

Careers

Pricing

Partners

Terms

Privacy

Your Privacy Choices

Support

Contact Sales

Get Help

FAQ

Try for Free

Request Demo

Download

Copyright © 2024 Twingate.

macOS

Windows

Linux

Chrome

iOS

Android

Solutions

Zero Trust Access

Documentation

Quick Start

Use Cases

Architecture

API

Twingate Labs

Resources

Blog

Customers

Whitepaper

Changelog

Company

About

Careers

Pricing

Partners

Terms

Privacy

Your Privacy Choices

Support

Contact Sales

Get Help

FAQ

Try for Free

Request Demo

Download

Copyright © 2024 Twingate.

macOS

Windows

Linux

Chrome

iOS

Android

The VPN replacement your workforce will love.

Try Twingate for Free

Request a Demo

Solutions

Zero Trust Access

Documentation

Quick Start

Use Cases

Architecture

API

Twingate Labs

Resources

Blog

Customers

Whitepaper

Changelog

Company

About

Careers

Pricing

Partners

Terms

Privacy

Your Privacy Choices

Support

Contact Sales

Get Help

FAQ

Try for Free

Request Demo

Download

Copyright © 2024 Twingate.

macOS

Windows

Linux

Chrome

iOS

Android