Ivanti Landesk Management Suite Remote Code Execution Vulnerability

Summary

A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to arbitrary remote code execution.

Credit:

The information has been provided by Ivanti

The original article can be found at: https://www.gnzlabs.io/gnzlabs-blog/landesk-management-server-arbitrary-file-upload/


Details

Ivanti Landesk Management Suite is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.

Vulnerable Systems:

  • Ivanti Landesk Management Suite 10.0.1.168

CVE Information:

CVE-2019-12377

Disclosure Timeline:
Publish Date:06/03/2019

Categories: News