Vulnerabilities > CVE-2019-16382 - Unspecified vulnerability in Ivanti Workspace Control 10.3.110.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

ivanti

NVD

Published: 2020-03-19

Updated: 2020-08-24

Summary

An issue was discovered in Ivanti Workspace Control 10.3.110.0. One is able to bypass Ivanti's FileGuard folder protection by renaming the WMTemp work folder used by PowerGrid. A malicious PowerGrid XML file can then be created, after which the folder is renamed back to its original value. Also, CVE-2018-15591 exploitation can consequently be achieved by using PowerGrid with the /SEE parameter to execute the arbitrary command specified in the XML file.

Vulnerable Configurations

Part	Description	Count
Application	Ivanti Ivanti Workspace Control 10.3.110.0	1

References

https://forums.ivanti.com/s/article/Security-Alert-Ivanti-Workspace-Control-September-2019
https://twitter.com/jmoosdijk