CVE-2023-28324
Published 2023-07-01
CVE-2023-28324: An improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution.
Priority P2 · 76 · critical · 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 11.77% (95.6th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | endpoint_manager | <= 2022 | — |
| ivanti | ivanti_endpoint_manager | 2022 – 2022 | — |
Detection & IOCs (extracted from sources)
- An unauthenticated RPC client invoking methods on the Ivanti EPM Agent Portal that result in command execution as SYSTEM should be treated as exploitation of CVE-2023-28324.
- Monitor for unauthenticated inbound connections to the Ivanti EPM Agent Portal service, particularly those that trigger process spawning under the NT AUTHORITY\SYSTEM context.
- The vulnerability affects Ivanti EPM versions prior to EPM 2021.1 SU4 and EPM 2022 SU2; confirm that patched versions are installed before removing detections.
- The vulnerability is classified as improper input validation (CWE-20) with a CVSS base score of 9.8 (CRITICAL), indicating that no authentication or user interaction is required for exploitation.
Ivanti
Ivanti Security Advisory: CVE-2023-28324
vendor_ivanti·2023-07-01·CVSS 9.8
An improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution.
CVE IDs: CVE-2023-28324
CVSS Base Score: 9.8
Severity: CRITICAL
CWEs: CWE-20
GHSA
GHSA-g9xm-xhj6-2frv: An improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execut
ghsa_unreviewed·2023-07-01
An improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution.
No detection rules found.
Published: 2023-07-01