tags:ivantienterprise_appvpnarbitrary_file_upload
original link: CVE-2023-46263: Ivanti Avalanche Arbitrary File Upload Vulnerability
newsletter link: exploits.club Weekly Newsletter 07
Exploits Club Summary:
âSiri play âKick You When Youâre Downâ by AC/DCâ is probably what someone at Ivanti muttered to their iPhone this week. Following the two critical vulnerabilities we reported on a few weeks ago, a third vulnerability in Ivantiâs VPN app started to see mass exploitation over the weekend. And then, as if that wasnât enough, ZDI released this write-up detailing a recently patched RCE in Ivantiâs Avalanche enterprise mobility management software program. Yikes.