Ivanti Landesk Management Suite Remote Code Execution Vulnerability
A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to arbitrary remote code execution.
The information has been provided by Ivanti
The original article can be found at: https://www.gnzlabs.io/gnzlabs-blog/landesk-management-server-arbitrary-file-upload/
Ivanti Landesk Management Suite is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.
- Ivanti Landesk Management Suite 10.0.1.168