Lucene search

HackeroneCVELIST:CVE-2023-39335

HistoryNov 14, 2023 - 11:18 p.m.

CVE-2023-39335

2023-11-1423:18:08

hackerone

www.cve.org

cve-2023-39335

unauthenticated threat actor

device enrollment

unauthorized access

user accounts

resources

security risk

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment process. This issue poses a significant security risk, as it enables unauthorized access and potential misuse of user accounts and resources.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "vendor": "Ivanti",
    "product": "EPMM",
    "versions": [
      {
        "version": "11.10.0.0",
        "status": "affected",
        "lessThanOrEqual": "11.10.0.0",
        "versionType": "semver"
      },
      {
        "version": "11.9.0.0",
        "status": "affected",
        "lessThanOrEqual": "11.9.0.0",
        "versionType": "semver"
      },
      {
        "version": "11.8.0.0",
        "status": "affected",
        "lessThanOrEqual": "11.8.0.0",
        "versionType": "semver"
      }
    ]
  }
]

References

forums.ivanti.com/s/article/CVE-2023-39335?language=en_US