File Upload Vulnerability in Ivanti ITSM Before 2023.4 Allows Remote File Writes and Command Execution
CVE-2023-46808

9.9 CRITICAL

Key Information:

Vendor: Ivanti
Status: Vendor
CVE Published: 31 March 2024

Badges

📰 News Worthy

Summary

An authenticated remote file upload vulnerability in Ivanti ITSM versions before 2023.4 permits an authenticated user to write arbitrary files to the server. Exploitation of this vulnerability may enable an attacker to execute commands within the context of a non-root user, potentially compromising the security of sensitive data and the overall system integrity. Organizations using affected versions are advised to apply necessary updates and assess their security measures.

Affected Version(s)

ITSM 2023.3

News Articles

Patch Ivanti Standalone Sentry and Ivanti Neurons for ITSM now | Malwarebytes

Ivanti has issued patches for two new vulnerabilities with a high CVSS score. Neither is known to have been exploited in the wild. Yet.

10 months ago

CVSS V3.1

Score: 9.9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • 📰 First article discovered by Malwarebytes

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database, 1 News Article(s)