CVE-2023-39335
Published 2023-11-15
Priority P263 · critical · 9.8 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.28% (80.9th percentile)
A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment process. This issue poses a significant security risk, as it enables unauthorized access and potential misuse of user accounts and resources.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | endpoint_manager_mobile | < 11.9.0 | 11.9.0 |
| ivanti | endpoint_manager_mobile | >= 11.10.0 < 11.10.0.4 | 11.10.0.4 |
| ivanti | endpoint_manager_mobile | >= 11.11.0 < 11.11.0.2 | 11.11.0.2 |
| ivanti | epmm | 11.10.0.0 – 11.10.0.0 | — |
| ivanti | epmm | 11.8.0.0 – 11.8.0.0 | — |
| ivanti | epmm | 11.9.0.0 – 11.9.0.0 | — |
Detection & IOCs
- Monitor the EPMM device enrollment process endpoint for unauthenticated requests attempting to impersonate existing users
- Affected versions are EPMM 11.10, 11.9, 11.8 and older; patching to a fixed version is required to remediate the improper privilege management (CWE-269) flaw
GHSA
GHSA-mm7r-fp9h-8vxr: A security vulnerability has been identified in EPMM Versions 11
ghsa_unreviewed·2023-11-15
Ivanti
Ivanti Security Advisory: CVE-2023-39335
vendor_ivanti·2023-11-15·CVSS 9.8
CVE IDs: CVE-2023-39335
CVSS Base Score: 9.8
Severity: CRITICAL
CWEs: CWE-269
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.