CyberSec.Space Logo
Back to CVE Browser

CVE-2019-12377

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0400%
EPSS Percentile37.46th
PublishedJun 3, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to arbitrary remote code execution.

Affected Platforms (CPE)

πŸ“¦
Ivanti

Landesk Management Suite

= 10.0.1.168

References & Advisories

πŸ”— https://www.gnzlabs.io/gnzlabs-blog/landesk-management-server-arbitrary-file-upload/
πŸ”— https://www.gnzlabs.io/gnzlabs-blog/landesk-management-server-multiple-vulnerabilities/
πŸ”— https://www.gnzlabs.io/gnzlabs-blog/landesk-management-server-arbitrary-file-upload/
πŸ”— https://www.gnzlabs.io/gnzlabs-blog/landesk-management-server-multiple-vulnerabilities/

Related Vulnerabilities

CVE-2007-167410.0

Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) in LANDesk Management Suite 8.7 allows remote attackers to execute...

CVE-2008-246810.0

Multiple buffer overflows in the QIP Server Service (aka qipsrvr.exe) in LANDesk Management Suite, Security Suite, and Server Mana...

CVE-2016-31479.8

Buffer overflow in the collector.exe listener of the Landesk Management Suite 10.0.0.271 and earlier allows remote attackers to ca...

CVE-2019-123739.0

Improper access control and open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Up...