File Upload Vulnerability in Ivanti ITSM Before 2023.4 Allows Remote File Writes and Command Execution
CVE-2023-46808

9.9CRITICAL

Key Information:

Vendor

Ivanti
Status
Itsm
Vendor
CVE Published:
31 March 2024

Badges

๐Ÿ“ฐ News Worthy

What is CVE-2023-46808?

An authenticated remote file upload vulnerability in Ivanti ITSM versions before 2023.4 permits an authenticated user to write arbitrary files to the server. Exploitation of this vulnerability may enable an attacker to execute commands within the context of a non-root user, potentially compromising the security of sensitive data and the overall system integrity. Organizations using affected versions are advised to apply necessary updates and assess their security measures.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ITSM 2023.3

News Articles

favicon imageMalwarebytes

Patch Ivanti Standalone Sentry and Ivanti Neurons for ITSM now | Malwarebytes

Ivanti has issued patches for two new vulnerabilities with a high CVSS score. Neither is known to have been explioted in the wild. Yet.

References

https://forums.ivanti.com/s/article/SA-CVE-2023-46808-Aut...

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • ๐Ÿ“ฐ

    First article discovered by Malwarebytes

  • Vulnerability Reserved

JSON
.