What is CVE-2023-28324?

CVE-2023-28324 is a vulnerability in Ivanti Endpoint Manager. Published 2023-06-30.

Is CVE-2023-28324 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Ivanti Endpoint Manager

CVE-2023-28324

A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution.

EPSS: 0.828 (99.3th percentile) — read the EPSS interpretation.

Affected products

Ivanti Endpoint Manager — versions 2022

Public proof-of-concept exploits

horizon3ai/CVE-2023-28324
rapid7/metasploit-framework

References

forums.ivanti.com/s/article/SA-2023-06-06-CVE-2023-28324

Frequently asked questions

What is CVE-2023-28324?: CVE-2023-28324 is a vulnerability in Ivanti Endpoint Manager. Published 2023-06-30.
Is CVE-2023-28324 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.