Vulnerabilities > CVE-2019-16382 - Unspecified vulnerability in Ivanti Workspace Control 10.3.110.0

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

ivanti

critical

NVD

Published: 2020-03-19

Updated: 2024-11-21

Summary

An issue was discovered in Ivanti Workspace Control 10.3.110.0. One is able to bypass Ivanti's FileGuard folder protection by renaming the WMTemp work folder used by PowerGrid. A malicious PowerGrid XML file can then be created, after which the folder is renamed back to its original value. Also, CVE-2018-15591 exploitation can consequently be achieved by using PowerGrid with the /SEE parameter to execute the arbitrary command specified in the XML file.

Vulnerable Configurations

Part	Description	Count
Application	Ivanti Ivanti Workspace Control 10.3.110.0	1

References

https://forums.ivanti.com/s/article/Security-Alert-Ivanti-Workspace-Control-September-2019
https://forums.ivanti.com/s/article/Security-Alert-Ivanti-Workspace-Control-September-2019
https://twitter.com/jmoosdijk
https://twitter.com/jmoosdijk