CVE-2023-35081
HIGH KEVIvanti EPMM 11.8.0-11.8.1.1, 11.9.0-11.9.1.1, 11.10.0-11.10.0.2 - Authenticated Arbitrary File Write via Path Traversal
Title source: llmExploitation Summary
CVE-2023-35081 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added July 31, 2023.
Description
A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.
References (2)
Core 2
Core References
Vendor Advisory
https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-35081
Scores
CVSS v3
7.2
EPSS
0.9068
EPSS Percentile
99.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2023-07-31
VulnCheck KEV
2023-07-28
InTheWild.io
2023-07-29
ENISA EUVD
EUVD-2023-39116
CWE
CWE-22
Status
published
Products (1)
ivanti/endpoint_manager_mobile
11.8.0 - 11.8.1.2
Published
Aug 03, 2023
KEV Added
Jul 31, 2023
Tracked Since
Feb 18, 2026