CVE-2019-12377: Malicious File Upload
First published: Mon Jun 03 2019(Updated: )
A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to arbitrary remote code execution.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ivanti LANDESK Management Suite | =10.0.1.168-service_update_5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2019-12377.
What is the title of this vulnerability?
The title of this vulnerability is 'A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to arbitrary remote code execution.'
What is the severity of CVE-2019-12377?
The severity of CVE-2019-12377 is critical with a severity value of 9.8.
Which software is affected by CVE-2019-12377?
Ivanti LANDESK Management Suite (LDMS aka Endpoint Manager) version 10.0.1.168 Service Update 5 is affected by CVE-2019-12377.
How can the vulnerability CVE-2019-12377 be exploited?
The vulnerability CVE-2019-12377 can be exploited by uploading arbitrary files through the upl/async_upload.asp web API endpoint, which may lead to arbitrary remote code execution.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/ivanti
- canonical/ivanti landesk management suite
- version/ivanti landesk management suite/10.0.1.168-service_update_5