Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistHackeroneCVELIST:CVE-2023-28323
HistoryJun 30, 2023 - 11:40 p.m.

CVE-2023-28323

2023-06-3023:40:30
hackerone
www.cve.org
deserialization
vulnerability
epm 2022 su3
unauthenticated user
elevate rights
os vulnerabilities
privileges escalation
network machines

9.9 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.1%

JSON

A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. This exploit could potentially be used in conjunction with other OS (Operating System) vulnerabilities to escalate privileges on the machine or be used as a stepping stone to get to other network attached machines.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "vendor": "Ivanti",
    "product": "Ivanti Endpoint Manager",
    "versions": [
      {
        "version": "2022",
        "status": "affected",
        "lessThan": "2022",
        "versionType": "semver"
      }
    ]
  }
]

Related

prion 1
cve 1
nessus 1
zdi 1
nvd 1
prion
prion
Deserialization of untrusted data
2023-07-01 00:15:00
cve
cve
CVE-2023-28323
2023-07-01 00:15:10
nessus
nessus
Ivanti Endpoint Manager < 2022 SU4 Privilege Escalation (SA-2023-06-20)
2024-06-21 00:00:00
zdi
zdi
Ivanti Endpoint Manager ProcessEPMAuthToken Deserialization of Untrusted Data Remote Code Execution Vulnerability
2023-10-05 00:00:00
nvd
nvd
CVE-2023-28323
2023-07-01 00:15:10

9.9 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.1%

JSON
Related for CVELIST:CVE-2023-28323
prion1cve1nessus1zdi1nvd1