PT-2023-21649 · Ivanti · Ivanti Endpoint Manager

Published

2023-06-30

Updated

2024-10-21

CVE-2023-28324

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager versions 2022 and below

Description A improper input validation vulnerability exists that could allow privilege escalation or remote code execution.

Recommendations For Ivanti Endpoint Manager versions 2022 and below, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2023-28324

Affected Products

Ivanti Endpoint Manager

PT-2023-21649 · Ivanti · Ivanti Endpoint Manager

CVE-2023-28324

Weakness Enumeration

Related Identifiers

Affected Products

References · 13