CVE-2023-39337

Severity Score

9.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 older allows a threat actor with knowledge of an enrolled device identifier to access and extract sensitive information, including device and environment configuration details, as well as secrets. This vulnerability poses a serious security risk, potentially exposing confidential data and system integrity.

Una vulnerabilidad de seguridad en las versiones 11.10, 11.9 y 11.8 anteriores de EPMM permite que un actor de amenazas con conocimiento de un identificador de dispositivo registrado acceda y extraiga información confidencial, incluidos detalles de configuración del dispositivo y del entorno, así como secretos. Esta vulnerabilidad plantea un grave riesgo de seguridad y puede exponer datos confidenciales y la integridad del sistema.

*Credits: N/A

CVSS Scores

NISTv3.1 9.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2023-07-28 CVE Reserved
2023-11-14 CVE Published
2024-08-29 CVE Updated
2024-11-20 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://forums.ivanti.com/s/article/CVE-2023-39337?language=en_US	2023-11-22

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Ivanti Search vendor "Ivanti"		Endpoint Manager Mobile Search vendor "Ivanti" for product "Endpoint Manager Mobile"				<= 11.9.0 Search vendor "Ivanti" for product "Endpoint Manager Mobile" and version " <= 11.9.0"		-		Affected
Ivanti Search vendor "Ivanti"		Endpoint Manager Mobile Search vendor "Ivanti" for product "Endpoint Manager Mobile"				>= 11.10.0 < 11.10.0.4 Search vendor "Ivanti" for product "Endpoint Manager Mobile" and version " >= 11.10.0 < 11.10.0.4"		-		Affected
Ivanti Search vendor "Ivanti"		Endpoint Manager Mobile Search vendor "Ivanti" for product "Endpoint Manager Mobile"				>= 11.11.0 < 11.11.0.2 Search vendor "Ivanti" for product "Endpoint Manager Mobile" and version " >= 11.11.0 < 11.11.0.2"		-		Affected