CVE-2023-28323
CRITICAL
Ivanti Endpoint Manager < 2022 Su3 - Unauthenticated Deserialization of Untrusted Data
Title source: llm
Description
A deserialization of untrusted data vulnerability exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. This exploit could potentially be used in conjunction with other OS (Operating System) vulnerabilities to escalate privileges on the machine, or be used as a stepping stone to reach other network-attached machines.
References (1)
Core References
Vendor Advisory
https://forums.ivanti.com/s/article/SA-2023-06-20-CVE-2023-28323
Scores
CVSS v3
9.8
EPSS
0.0753
EPSS Percentile
91.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-502
Status
published
Products (2)
ivanti/endpoint_manager
2022 (4 CPE variants)
ivanti/endpoint_manager
< 2022
Published
Jul 01, 2023
Tracked Since
Feb 18, 2026