Arbitrary File Upload Vulnerability in Ivanti LANDESK Management Suite
CVE-2019-12377

9.8CRITICAL

Key Information:

Vendor: Ivanti
Status: Landesk Management Suite
Vendor: CVE Published:; 3 June 2019

Summary

A vulnerability exists in the upl/async_upload.asp web API endpoint of Ivanti LANDESK Management Suite, which allows attackers to upload arbitrary files. This flaw could be exploited to execute malicious code on the server, posing significant security risks for users. The affected version is 10.0.1.168 Service Update 5 of the LANDESK Management Suite, demanding urgent remediation.

References

https://www.gnzlabs.io/gnzlabs-blog/landesk-management-se...

x_refsource_MISC

https://www.gnzlabs.io/gnzlabs-blog/landesk-management-se...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 3, 2019
Vulnerability Reserved
May 27, 2019