cbcvebase.
CVE-2023-28324
published 2023-07-01

CVE-2023-28324: An improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution.

Priority: P276 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 11.77% (95.6th percentile)

Affected

2 ranges

Vendor | Product | Version range | Fixed in
ivanti | endpoint_manager | <= 2022 |
ivanti | ivanti_endpoint_manager | 2022 – 2022 |

Detection & IOCs

process: NT AUTHORITY\SYSTEM
  • Unauthenticated RPC client invoking methods on the Ivanti EPM Agent Portal that result in command execution as SYSTEM should be treated as exploitation of CVE-2023-28324.
  • Monitor for unauthenticated inbound connections to the Ivanti EPM Agent Portal service, particularly those triggering process spawning under NT AUTHORITY\SYSTEM context.
  • Vulnerability affects Ivanti EPM versions prior to EPM 2021.1 SU4 and EPM 2022 SU2; ensure patched versions are confirmed before removing detections.
  • The vulnerability is classified as improper input validation (CWE-20) with a CVSS base score of 9.8 (CRITICAL), indicating no authentication or user interaction is required for exploitation.