CVE-2019-12377

CVE Database · CVE-2019-12377

CVE-2019-12377

· N/AModified

CVSS v3.1

N/A

EPSS

5.54%

Published

Jun 3, 2019

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to arbitrary remote code execution.

Weaknesses (CWE)

CWE-434

Affected Products (1)

ivanti · landesk_management_suitevulnerable

References (4)

https://www.gnzlabs.io/gnzlabs-blog/landesk-management-server-arbitrary-file-upload/

ExploitThird Party Advisory

https://www.gnzlabs.io/gnzlabs-blog/landesk-management-server-multiple-vulnerabilities/

Third Party Advisory

https://www.gnzlabs.io/gnzlabs-blog/landesk-management-server-arbitrary-file-upload/

ExploitThird Party Advisory

https://www.gnzlabs.io/gnzlabs-blog/landesk-management-server-multiple-vulnerabilities/

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs