CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2019-12377

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0400%
EPSS Percentile37.46th
Published2019年6月3日
Last Modified2024年11月21日

Vulnerability Description

A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to arbitrary remote code execution.

Affected Platforms (CPE)

📦
Ivanti

Landesk Management Suite

= 10.0.1.168

References & Advisories

🔗 https://www.gnzlabs.io/gnzlabs-blog/landesk-management-server-arbitrary-file-upload/
🔗 https://www.gnzlabs.io/gnzlabs-blog/landesk-management-server-multiple-vulnerabilities/
🔗 https://www.gnzlabs.io/gnzlabs-blog/landesk-management-server-arbitrary-file-upload/
🔗 https://www.gnzlabs.io/gnzlabs-blog/landesk-management-server-multiple-vulnerabilities/

相關漏洞威脅

CVE-2007-167410.0

Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) in LANDesk Management Suite 8.7 allows remote attackers to execute...

CVE-2008-246810.0

Multiple buffer overflows in the QIP Server Service (aka qipsrvr.exe) in LANDesk Management Suite, Security Suite, and Server Mana...

CVE-2016-31479.8

Buffer overflow in the collector.exe listener of the Landesk Management Suite 10.0.0.271 and earlier allows remote attackers to ca...

CVE-2019-123739.0

Improper access control and open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Up...