CVE-2023-39335

EPSS 1.62%
Veröffentlicht 15.11.2023 00:15:08
Zuletzt bearbeitet 21.11.2024 08:15:10
Quelle support@hackerone.com
CVE-Watchlists
Login
Unerledigt
Login

A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment process. This issue poses a significant security risk, as it enables unauthorized access and potential misuse of user accounts and resources.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ivanti ≫ Endpoint Manager Mobile Version < 11.9.0

Ivanti ≫ Endpoint Manager Mobile Version >= 11.10.0 < 11.10.0.4

Ivanti ≫ Endpoint Manager Mobile Version >= 11.11.0 < 11.11.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.62%	0.812

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://forums.ivanti.com/s/article/CVE-2023-39335?language=en_US

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-39335

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-39335

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-39335

EUVD