- 291/2023
- High
Ivanti has released security updates to fix multiple vulnerabilities in Ivanti Secure Access Client and Ivanti EPMM.
The addressed vulnerabilities could allow the attacker to gain access, perform a denial of service attack, and gain elevated privileges on the affected System.
Sample of The Addressed Vulnerabilities:
1. Ivanti EPMM Authenticated User Enrolled as Another User (CVE-2023-39335):
- CVSS: 8.5
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
2. Ivanti Secure Access Client Privileges Escalation (CVE-2023-41718):
- CVSS: 7.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
Vulnerabilities
- CVE-2023-41718
- CVE-2023-35080
- CVE-2023-38043
- CVE-2023-38543
- CVE-2023-38544
- CVE-2023-39335
- CVE-2023-39337
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.