Ivanti EPMM Path Traversal / Remote Arbitrary File Write
CVE-2023-35081 is a path traversal vulnerability in Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core. It affects supported versions 11.10.x prior to 11.10.0.3, 11.9.x prior to 11.9.1.2, and 11.8.x prior to 11.8.1.2. The flaw allows an authenticated EPMM administrator to write arbitrary files onto the appliance. Reporting and vendor statements describe this as a directory traversal/arbitrary file write issue that can be used to place attacker-controlled files, including webshells, with the operating system privileges of the EPMM web application server. Multiple sources in the provided content note that this vulnerability was observed being chained with CVE-2023-35078, which can bypass administrator authentication and ACL restrictions, thereby turning the nominal authenticated-admin requirement into a practical remote exploitation path in real-world attacks.
Are you exposed to this one?
Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.
Impact, mitigation & remediation
What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.
Impact
What an attacker gets, and what they’ve been doing with it.
Mitigation
If you can’t patch tonight, do this now.
Remediation
Patch, then assume compromise.
Exploits
No public exploits tracked yet. Mallory keeps watching.
No public exploit code observed for this vulnerability.
Affected products & vendors
Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.
Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.
Recent activity
20 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Unknown (mentioned as related Ivanti EPMM CVE in the same advisory context, but no details provided in the content).
A path traversal flaw in Ivanti EPMM that allows arbitrary file overwrite; when chained with CVE-2023-35078 it can be used to establish persistence (e.g., web shells) and enable further remote code execution/backdooring.
An Ivanti Endpoint Manager Mobile (EPMM) vulnerability (CVSS 7.8) referenced as being weaponized as part of an exploit chain in the wild.
Remote arbitrary file write vulnerability in Ivanti Endpoint Manager Mobile (EPMM) referenced as part of historical EPMM exploitation trends.
The version that knows your environment.
Query your assets running an affected version, and investigate the blast radius.
Every observed campaign linking this CVE to a named adversary.
Malware families riding this exploit, with evidence and IOCs.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Cross-references every affected SKU, including bundled OEM variants.
Community discussion across Reddit, Mastodon, and other social sources.