Privilege Escalation Vulnerability in EPM 2022 by Ivanti
CVE-2023-28323

9.8CRITICAL

Key Information:

Vendor: Ivanti
Status: Ivanti Endpoint Manager
Vendor: CVE Published:; 1 July 2023

Summary

The vulnerability exists in EPM 2022 Su3 and all prior versions, allowing unauthenticated users to modify data through the deserialization of untrusted input. This flaw could enable attackers to elevate their privileges, potentially combining it with other operating system vulnerabilities to gain higher access rights on the machine. Furthermore, it can serve as a foothold for accessing other devices within the network, posing significant security risks.

Affected Version(s)

Ivanti Endpoint Manager 2022

References

https://forums.ivanti.com/s/article/SA-2023-06-20-CVE-202...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 1, 2023
Vulnerability Reserved
Mar 14, 2023