CVE-2023-35081
Published: 03 August 2023
Summary
CVE-2023-35081 is a high-severity Path Traversal (CWE-22) vulnerability in Ivanti Endpoint Manager Mobile. Its CVSS base score is 7.2 (High).
Operationally, it ranks in the top 0.4% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and CM-5 (Access Restrictions for Change).
Deeper analysis
A path traversal vulnerability tracked as CVE-2023-35081 affects Ivanti Endpoint Manager Mobile (EPMM) in versions 11.10.x prior to 11.10.0.3, 11.9.x prior to 11.9.1.2, and 11.8.x prior to 11.8.1.2. The flaw, assigned CWE-22, permits an authenticated administrator to write arbitrary files to the appliance. It carries a CVSS 3.1 score of 7.2, reflecting high impact on confidentiality, integrity, and availability over a network vector with low attack complexity.
An authenticated administrator can exploit the issue to upload or overwrite files on the EPMM appliance, potentially achieving remote code execution or persistence by placing malicious content in sensitive directories. Because the attack requires valid administrative credentials, the primary threat arises from compromised or malicious insider accounts rather than unauthenticated remote attackers.
Ivanti advisory documentation directs customers to apply the fixed releases 11.10.0.3, 11.9.1.2, or 11.8.1.2, while CISA has added the CVE to its Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. The associated EPSS score has reached a peak of 0.9283 with a current value of 0.9068, indicating sustained exploitation interest following disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-39116
Vulnerability details
A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.
- CWE(s): CWE-22
- KEV Date Added: 31 July 2023
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls (NIST 800-53 r5)
Enforces validation of file path inputs to block the path traversal sequence that enables arbitrary file writes.
Restricts which privileged accounts can perform file-system modifications, limiting the impact of an authenticated administrator exploiting the flaw.
Requires integrity verification of files and system components, allowing detection of unauthorized writes resulting from the path traversal.
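The following is an added example, not Ivanti's code and not code from this page. It shows the file-path input validation that SI-10 describes for a file-write handler: an unchecked join beside a check that resolves the destination and rejects anything outside the upload root. The function names, the upload directory and the sample file names are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def naive_target(base: str, name: str) -> str:
    """Vulnerable pattern: joins the client-supplied name without checking it."""
    return os.path.normpath(os.path.join(base, name))


def safe_target(base: str, name: str) -> str:
    """Resolve the destination and refuse anything outside the upload root."""
    if "\x00" in name:
        raise ValueError("NUL byte in file name")
    root = Path(base).resolve()
    # resolve() collapses ".." segments and follows symlinks that already exist
    candidate = (root / name).resolve()
    # commonpath compares whole components, so <root>_evil does not match <root>
    inside = os.path.commonpath([str(root), str(candidate)]) == str(root)
    if candidate == root or not inside:
        raise ValueError(f"rejected upload path: {name!r}")
    return str(candidate)


def check_names(base: str, names):
    """Return {name: resolved path, or None when the name is rejected}."""
    results = {}
    for name in names:
        try:
            results[name] = safe_target(base, name)
        except ValueError:
            results[name] = None
    return results


# Constructed sample names (hypothetical, not taken from any advisory).
SAMPLE_NAMES = ["profile.xml", "sub/profile.xml", "../../etc/cron.d/job",
                "/etc/passwd", "../uploads_evil/x", "sub/../../escape"]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "uploads")
        os.mkdir(root)
        for name, dest in check_names(root, SAMPLE_NAMES).items():
            print(f"{name!r:26} naive={naive_target(root, name)!r} safe={dest!r}")
```

A check like this limits where a handler can write. It does not replace applying the fixed releases listed above.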