CVE-2023-46263: Ivanti Avalanche Arbitrary File Upload Vulnerability

In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Lucas Miller and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in the Ivanti Avalanche enterprise mobility management program. Other Ivanti products have recently been under active exploitation, and the mobile device management system is an attractive target. This bug was originally reported to the ZDI program by an anonymous researcher and was also discovered by Lucas Miller of Trend …

avalanche blog post code code execution cve device device management enterprise enterprise mobility enterprise mobility management exploitation file file upload ivanti ivanti avalanche management micro miller mobile mobile device mobile device management mobility products program remote code remote code execution report research service team trend trend micro under upload vulnerability vulnerability research