Cyber Resilience

CVE-2023-35081

High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 03 August 2023

Modified: 14 January 2026
KEV Added: 31 July 2023
Patch
CVSS Score v3.1: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9068 (99.6th percentile)
Risk Priority: 89 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-35081 is a high-severity Path Traversal (CWE-22) vulnerability in Ivanti Endpoint Manager Mobile. Its CVSS base score is 7.2 (High).

Operationally, it ranks in the top 0.4% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and CM-5 (Access Restrictions for Change).

Deeper analysis

A path traversal vulnerability tracked as CVE-2023-35081 affects Ivanti Endpoint Manager Mobile (EPMM) in versions 11.10.x prior to 11.10.0.3, 11.9.x prior to 11.9.1.2, and 11.8.x prior to 11.8.1.2. The flaw, assigned CWE-22, permits an authenticated administrator to write arbitrary files to the appliance. It carries a CVSS 3.1 score of 7.2, which reflects high impact on confidentiality, integrity, and availability over a network vector with low attack complexity.

An authenticated administrator can exploit the issue to upload or overwrite files on the EPMM appliance, potentially achieving remote code execution or persistence by placing malicious content in sensitive directories. Because the attack requires valid administrative credentials, the primary threat arises from compromised or malicious insider accounts rather than unauthenticated remote attackers.

Ivanti advisory documentation directs customers to apply the fixed releases 11.10.0.3, 11.9.1.2, or 11.8.1.2, while CISA has added the CVE to its Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. The associated EPSS score has reached a peak of 0.9283 with a current value of 0.9068, indicating sustained exploitation interest following disclosure.

Vulnerability details

A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.

CWE(s): CWE-22
KEV Date Added: 31 July 2023

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

ivanti
endpoint manager mobile
11.8.0 — 11.8.1.2 · 11.9.0 — 11.9.1.2 · 11.10.0 — 11.10.0.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces validation of file path inputs to block the path traversal sequence that enables arbitrary file writes.

prevent

Restricts which privileged accounts can perform file-system modifications, limiting the impact of an authenticated administrator exploiting the flaw.

detect

Requires integrity verification of files and system components, allowing detection of unauthorized writes resulting from the path traversal.
