Home

Description

NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files.

PUBLISHED Reserved 2023-08-29 | Published 2023-11-03 | Updated 2024-09-05 | Assigner twcert




HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status
unaffected

V1.4 2021/09/14
affected

References

www.twcert.org.tw/tw/cp-132-7507-55b28-1.html

www.twcert.org.tw/tw/cp-132-7507-55b28-1.html

cve.org (CVE-2023-41344)

nvd.nist.gov (CVE-2023-41344)

Download JSON