CVE-2023-46808
Published 2024-03-31
CVE-2023-46808: A file upload vulnerability in Ivanti ITSM before 2023.4 allows an authenticated remote user to perform file writes to the server. Successful exploitation…
Priority: P1 · 85 · critical · CVSS 3.1: 9.9
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
ITW: VulnCheck KEV
Exploited in the wild
EPSS: 2.00% (78.3th percentile)
A file upload vulnerability in Ivanti ITSM before 2023.4 allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of a non-root user.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | itsm | 2023.3 – 2023.3 | — |
| ivanti | neurons_for_itsm | < 2023.4 | 2023.4 |
Detection & IOCs (extracted from sources)
- Vulnerability class is unrestricted file upload (CWE-434) in Ivanti ITSM before 2023.4: monitor for unexpected file writes to the server by authenticated users, particularly in web-accessible directories that could enable server-side code execution.
- Execution context is a non-root user: post-exploitation process activity (e.g., web shells, spawned child processes) from a non-root account on Ivanti ITSM hosts should be treated as a high-fidelity indicator of compromise.
- Exploitation requires prior authentication: detections should account for the attacker already possessing valid credentials; monitor for anomalous authenticated sessions followed by unusual file upload activity.
- Vulnerability is present in Ivanti ITSM versions before 2023.4: scope detections and patching efforts to all instances not yet upgraded to 2023.4 or later.
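CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.9 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| nvd | v3.0 | 9.9 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| vulncheck | | 9.9 | CRITICAL | |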
GHSA
GHSA-6gxv-ch26-86wv: A file upload vulnerability in Ivanti ITSM before 2023
ghsa_unreviewed · 2024-03-31
CVE-2023-46808 [CRITICAL] CWE-434
A file upload vulnerability in Ivanti ITSM before 2023.4 allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of a non-root user.
VulnCheck
Ivanti neurons_for_itsm Unrestricted Upload of File with Dangerous Type
vulncheck · 2023 · CVSS 9.9
CVE-2023-46808 [CRITICAL]
A file upload vulnerability in Ivanti ITSM before 2023.4 allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of a non-root user.
Affected: Ivanti neurons_for_itsm
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.trustwave.com/hubfs/Web/Library/Documents_pdf/2024_Trustwave_Public_Sector_Threat_Landscape.pdf
Ivanti
Ivanti Security Advisory: CVE-2023-46808
vendor_ivanti · 2024-03-31 · CVSS 9.9
CVE-2023-46808 [CRITICAL] CWE-434
A file upload vulnerability in Ivanti ITSM before 2023.4 allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of a non-root user.
CVE IDs: CVE-2023-46808
CVSS Base Score: 9.9
Severity: CRITICAL
CWEs: CWE-434
No detection rules found.
No public exploits indexed.
Timeline: 2024-03-31: Published. Exploited in the wild.