CVE-2019-16382

CVE Database · CVE-2019-16382

CVE-2019-16382

· CRITICALModified

CVSS v3.1

9.8

EPSS

2.88%

Published

Mar 19, 2020

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An issue was discovered in Ivanti Workspace Control 10.3.110.0. One is able to bypass Ivanti's FileGuard folder protection by renaming the WMTemp work folder used by PowerGrid. A malicious PowerGrid XML file can then be created, after which the folder is renamed back to its original value. Also, CVE-2018-15591 exploitation can consequently be achieved by using PowerGrid with the /SEE parameter to execute the arbitrary command specified in the XML file.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products (1)

ivanti · workspace_controlvulnerable

References (4)

https://forums.ivanti.com/s/article/Security-Alert-Ivanti-Workspace-Control-September-2019

PatchVendor Advisory

https://twitter.com/jmoosdijk

Third Party Advisory

https://forums.ivanti.com/s/article/Security-Alert-Ivanti-Workspace-Control-September-2019

PatchVendor Advisory

https://twitter.com/jmoosdijk

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs