exploitDog

CVE-2020-13774

Опубликовано: 12 нояб. 2020

Источник: nvd

CVSS3: 9.9

CVSS2: 9

EPSS Низкий

Описание

An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file. The issue is caused by insufficient file extension validation and insecure file operations on the uploaded image, which upon failure will leave the temporarily created files in an accessible location on the server.

Ссылки

https://labs.jumpsec.com/advisory-cve-2020-13774-ivanti-uem-rce/
Third Party Advisory
https://labs.jumpsec.com/advisory-cve-2020-13774-ivanti-uem-rce/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ivanti:endpoint_manager:2019.1:*:*:*:*:*:*:*

cpe:2.3:a:ivanti:endpoint_manager:2020.1:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05174

Низкий

9.9 Critical

CVSS3

9 Critical

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-cjp5-25r3-4x92

github

больше 3 лет назад

An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file. The issue is caused by insufficient file extension validation and insecure file operations on the uploaded image, which upon failure will leave the temporarily created files in an accessible location on the server.

EPSS

Процентиль: 90%

0.05174

Низкий

9.9 Critical

CVSS3

9 Critical

CVSS2

Дефекты

CWE-434