CVE-2023-35081 Report - Details, Severity, & Advisories
Twingate Team
•
Jun 13, 2024
What is CVE-2023-35081?
CVE-2023-35081 is a high-severity vulnerability in certain versions of Ivanti Endpoint Manager Mobile (EPMM). This path traversal vulnerability allows an authenticated administrator to write arbitrary files onto the affected systems, potentially leading to malicious actions. Systems running versions 11.10, 11.9, 11.8, and older are at risk. It's crucial for organizations to address this vulnerability to maintain system security.
Who is impacted by this?
Authenticated administrators using Ivanti Endpoint Manager Mobile (EPMM) versions 11.8.x, 11.9.x, 11.10.x, and older are impacted by CVE-2023-35081. This path traversal vulnerability allows them to write arbitrary files onto the affected systems, potentially leading to malicious actions. Organizations must be aware of this vulnerability to maintain system security.
What should I do if I’m affected?
If you're affected by the CVE-2023-35081 vulnerability, it's crucial to take immediate action to protect your systems. Follow these simple steps to mitigate the risk:
Apply the patch provided by Ivanti to fix the problem.
Read the Knowledge Base article for detailed information on accessing and applying the remediations.
Update your internal vulnerability management procedures as per Binding Operational Directive 22-01.
Remediate vulnerabilities according to the timelines set forth in the CISA-managed vulnerability catalog.
Report on the status of vulnerabilities listed in the repository.
Is this in CISA’s Known Exploited Vulnerabilities Catalog?
Yes, CVE-2023-35081 is listed in CISA's Known Exploited Vulnerabilities Catalog. It was added on July 31, 2023, with a remediation due date of August 21, 2023. The required action is to apply mitigations per vendor instructions or discontinue the use of the product if mitigations are unavailable.
Weakness Enumeration
The weakness enumeration for this vulnerability is categorized as CWE-22, which is a path traversal issue in Ivanti Endpoint Manager Mobile.
Learn More
For a comprehensive understanding of the vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
CVE-2023-35081 Report - Details, Severity, & Advisories
Twingate Team
•
Jun 13, 2024
What is CVE-2023-35081?
CVE-2023-35081 is a high-severity vulnerability in certain versions of Ivanti Endpoint Manager Mobile (EPMM). This path traversal vulnerability allows an authenticated administrator to write arbitrary files onto the affected systems, potentially leading to malicious actions. Systems running versions 11.10, 11.9, 11.8, and older are at risk. It's crucial for organizations to address this vulnerability to maintain system security.
Who is impacted by this?
Authenticated administrators using Ivanti Endpoint Manager Mobile (EPMM) versions 11.8.x, 11.9.x, 11.10.x, and older are impacted by CVE-2023-35081. This path traversal vulnerability allows them to write arbitrary files onto the affected systems, potentially leading to malicious actions. Organizations must be aware of this vulnerability to maintain system security.
What should I do if I’m affected?
If you're affected by the CVE-2023-35081 vulnerability, it's crucial to take immediate action to protect your systems. Follow these simple steps to mitigate the risk:
Apply the patch provided by Ivanti to fix the problem.
Read the Knowledge Base article for detailed information on accessing and applying the remediations.
Update your internal vulnerability management procedures as per Binding Operational Directive 22-01.
Remediate vulnerabilities according to the timelines set forth in the CISA-managed vulnerability catalog.
Report on the status of vulnerabilities listed in the repository.
Is this in CISA’s Known Exploited Vulnerabilities Catalog?
Yes, CVE-2023-35081 is listed in CISA's Known Exploited Vulnerabilities Catalog. It was added on July 31, 2023, with a remediation due date of August 21, 2023. The required action is to apply mitigations per vendor instructions or discontinue the use of the product if mitigations are unavailable.
Weakness Enumeration
The weakness enumeration for this vulnerability is categorized as CWE-22, which is a path traversal issue in Ivanti Endpoint Manager Mobile.
Learn More
For a comprehensive understanding of the vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
CVE-2023-35081 Report - Details, Severity, & Advisories
Twingate Team
•
Jun 13, 2024
What is CVE-2023-35081?
CVE-2023-35081 is a high-severity vulnerability in certain versions of Ivanti Endpoint Manager Mobile (EPMM). This path traversal vulnerability allows an authenticated administrator to write arbitrary files onto the affected systems, potentially leading to malicious actions. Systems running versions 11.10, 11.9, 11.8, and older are at risk. It's crucial for organizations to address this vulnerability to maintain system security.
Who is impacted by this?
Authenticated administrators using Ivanti Endpoint Manager Mobile (EPMM) versions 11.8.x, 11.9.x, 11.10.x, and older are impacted by CVE-2023-35081. This path traversal vulnerability allows them to write arbitrary files onto the affected systems, potentially leading to malicious actions. Organizations must be aware of this vulnerability to maintain system security.
What should I do if I’m affected?
If you're affected by the CVE-2023-35081 vulnerability, it's crucial to take immediate action to protect your systems. Follow these simple steps to mitigate the risk:
Apply the patch provided by Ivanti to fix the problem.
Read the Knowledge Base article for detailed information on accessing and applying the remediations.
Update your internal vulnerability management procedures as per Binding Operational Directive 22-01.
Remediate vulnerabilities according to the timelines set forth in the CISA-managed vulnerability catalog.
Report on the status of vulnerabilities listed in the repository.
Is this in CISA’s Known Exploited Vulnerabilities Catalog?
Yes, CVE-2023-35081 is listed in CISA's Known Exploited Vulnerabilities Catalog. It was added on July 31, 2023, with a remediation due date of August 21, 2023. The required action is to apply mitigations per vendor instructions or discontinue the use of the product if mitigations are unavailable.
Weakness Enumeration
The weakness enumeration for this vulnerability is categorized as CWE-22, which is a path traversal issue in Ivanti Endpoint Manager Mobile.
Learn More
For a comprehensive understanding of the vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.
Solutions
Solutions
The VPN replacement your workforce will love.
Solutions