CVE-2023-28323
Published 2023-07-01
Priority: P2 · 65 · critical · 9.8 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.12% (86.2th percentile)
A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. This exploit could potentially be used in conjunction with other OS (Operating System) vulnerabilities to escalate privileges on the machine or be used as a stepping stone to get to other network attached machines.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | endpoint_manager | < 2022 | 2022 |
| ivanti | endpoint_manager | — | — |
| ivanti | ivanti_endpoint_manager | >= 2022 < 2022 | 2022 |
Detection & IOCs (extracted from sources)
- Target product is Ivanti EPM (Endpoint Manager) 2022 SU3 and all prior versions; monitor for unauthenticated deserialization attempts against EPM services.
- Watch for privilege escalation activity on EPM-managed machines, particularly chained with OS-level vulnerabilities, as this CVE may be used as a stepping stone for lateral movement to other network-attached machines.
- Vulnerability affects EPM 2022 SU3 and ALL prior versions; scope of affected deployments is broad and includes all unpatched EPM installations regardless of minor version.
- The deserialization flaw is exploitable by unauthenticated users (no credentials required), significantly lowering the bar for exploitation and widening the attack surface (CVSS 9.8 CRITICAL, CWE-502).
Ivanti
Ivanti Security Advisory: CVE-2023-28323
vendor_ivanti·2023-07-01·CVSS 9.8
CVE IDs: CVE-2023-28323
CVSS Base Score: 9.8
Severity: CRITICAL
CWEs: CWE-502
GHSA
GHSA-638m-xxfq-rm3j: A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights
ghsa_unreviewed·2023-07-01
No detection rules found.
No public exploits indexed.
Published: 2023-07-01