CVE-2023-46808

CRITICAL EXPLOITED

Ivanti ITSM <2023.4 - Command Injection

Title source: llm

Description

A file upload vulnerability in Ivanti ITSM before 2023.4 allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of a non-root user.

Scores

CVSS v3 9.9
EPSS 0.1301
EPSS Percentile 94.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

VulnCheck KEV 2024-05-14
CWE CWE-434
Status published
Products (1)
ivanti/neurons_for_itsm < 2023.4
Published Mar 31, 2024
Tracked Since Feb 18, 2026