Lucene search
HackeroneCVE-2023-28324HistoryJul 01, 2023 - 12:15 a.m.
CVE-2023-28324
2023-07-0100:15:10
CWE-20
hackerone
web.nvd.nist.gov
18
cve-2023-28324
improper input validation
ivanti endpoint manager
privilege escalation
remote code execution
nvd
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.8
Confidence
High
EPSS
0.003
Percentile
70.5%
A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution.
Affected configurations
Node
ivantiendpoint_managerRange≤2022
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ivanti | endpoint_manager | * | cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"vendor": "Ivanti",
"product": "Ivanti Endpoint Manager",
"versions": [
{
"version": "2022",
"status": "affected",
"lessThanOrEqual": "2022",
"versionType": "semver"
}
]
}
]Related
vulnrichment
vulnrichment
CVE-2023-28324
2023-06-30 23:40:19
prion
prion
Input validation
2023-07-01 00:15:00
githubexploit
githubexploit
Exploit for Improper Input Validation in Ivanti Endpoint Manager
2024-09-13 14:02:04
Exploit for Deserialization of Untrusted Data in Ivanti Endpoint Manager
2024-09-13 14:02:04
nvd
nvd
CVE-2023-28324
2023-07-01 00:15:10
cvelist
cvelist
CVE-2023-28324
2023-06-30 23:40:19
nessus
nessus
Ivanti Endpoint Manager < 2022 SU3 Privilege Escalation (SA-2023-06-06)
2024-06-21 00:00:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.8
Confidence
High
EPSS
0.003
Percentile
70.5%
Related for CVE-2023-28324