CVE-2019-16382

CVSS 9.8 - CRITICAL

Description

An issue was discovered in Ivanti Workspace Control 10.3.110.0. One is able to bypass Ivanti's FileGuard folder protection by renaming the WMTemp work folder used by PowerGrid. A malicious PowerGrid XML file can then be created, after which the folder is renamed back to its original value. Also, CVE-2018-15591 exploitation can consequently be achieved by using PowerGrid with the /SEE parameter to execute the arbitrary command specified in the XML file.

Affected Products

1

Vendor	Product	Version
ivanti	workspace_control	`10.3.110.0`

References

https://forums.ivanti.com/s/article/Security-Alert...

https://twitter.com/jmoosdijk

https://forums.ivanti.com/s/article/Security-Alert...

https://twitter.com/jmoosdijk

Weakness Types

NVD-CWE-noinfo

CVE Information

CVE ID:: CVE-2019-16382
Published:: 2020-03-19
Modified:: 2024-11-21
CVSS Score:: 9.8
Severity:: CRITICAL
Vector:: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Vendors

ivanti

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL