← back
CVE-2023-39335

CVE-2023-39335

EPSS 2.3%CWE-269
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 2.3%KEV nãoPoC Patch
Lifecycle
14 Nov 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment process. This issue poses a significant security risk, as it enables unauthorized access and potential misuse of user accounts and resources.
Affected products
Ivanti · EPMM

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://forums.ivanti.com/s/article/CVE-2023-39335?language=en_US