File Upload Vulnerability in Ivanti ITSM Before 2023.4 Allows Remote File Writes and Command Execution

CVE-2023-46808

9.9CRITICAL

Key Information

Vendor: Ivanti
Status: Itsm
Vendor: CVE Published:; 31 March 2024

Badges

📰 News Worthy

Summary

An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of non-root user.

Affected Version(s)

ITSM <= 2023.3

News Articles

Malwarebytes

CVE-2023-41724CVE-2023-46808

Patch Ivanti Standalone Sentry and Ivanti Neurons for ITSM now | Malwarebytes

Ivanti has issued patches for two new vulnerabilities with a high CVSS score. Neither is known to have been explioted in the wild. Yet.

6 months ago

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Risk change from: null to: 9.9 - (CRITICAL)
Mar 31, 2024
Vulnerability published.
Mar 31, 2024
First article discovered by Malwarebytes
Mar 21, 2024
Vulnerability Reserved.
Oct 27, 2023

Collectors

NVD DatabaseMitre Database1 News Article(s)