CVE-2023-39335

CVE Database · CVE-2023-39335

CVE-2023-39335

· CRITICALModified

CVSS v3.1

9.8

EPSS

2.28%

Published

Nov 14, 2023

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment process. This issue poses a significant security risk, as it enables unauthorized access and potential misuse of user accounts and resources.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-269

Affected Products (3)

ivanti · endpoint_manager_mobile (up to 11.9.0)vulnerable

ivanti · endpoint_manager_mobile (up to 11.10.0.4)vulnerable

ivanti · endpoint_manager_mobile (up to 11.11.0.2)vulnerable

References (2)

https://forums.ivanti.com/s/article/CVE-2023-39335?language=en_US

Vendor Advisory

https://forums.ivanti.com/s/article/CVE-2023-39335?language=en_US

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs