CVE-2023-35083

Allows an authenticated attacker with network access to read arbitrary files on Endpoint Manager recently discovered on 2022 SU3 and all previous versions potentially leading to the leakage of sensitive information.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://forums.ivanti.com/s/article/SA-2023-06-20-CVE-2023-35083?language=en_US	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ivanti:endpoint_manager::::::::
	cpe:2.3:a:ivanti:endpoint_manager:2022:-::::::
	cpe:2.3:a:ivanti:endpoint_manager:2022:su1::::::
	cpe:2.3:a:ivanti:endpoint_manager:2022:su2::::::
	cpe:2.3:a:ivanti:endpoint_manager:2022:su3::::::

History

25 Oct 2023, 00:14

Type	Values Removed	Values Added
First Time		Ivanti Ivanti endpoint Manager
References	~~(MISC) https://forums.ivanti.com/s/article/SA-2023-06-20-CVE-2023-35083?language=en_US -~~	(MISC) https://forums.ivanti.com/s/article/SA-2023-06-20-CVE-2023-35083?language=en_US - Vendor Advisory
CPE		cpe:2.3:a:ivanti:endpoint_manager:::::::: cpe:2.3:a:ivanti:endpoint_manager:2022:su1:::::: cpe:2.3:a:ivanti:endpoint_manager:2022:su3:::::: cpe:2.3:a:ivanti:endpoint_manager:2022:su2:::::: cpe:2.3:a:ivanti:endpoint_manager:2022:-::::::
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5

18 Oct 2023, 04:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-18 04:15

Updated : 2024-02-28 20:33

NVD link : CVE-2023-35083

Mitre link : CVE-2023-35083

CVE.ORG link : CVE-2023-35083

JSON object : View

Products Affected

ivanti

endpoint_manager

CWE

NVD-CWE-noinfo

{"id": "CVE-2023-35083", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2023-10-18T04:15:10.900", "references": [{"url": "https://forums.ivanti.com/s/article/SA-2023-06-20-CVE-2023-35083?language=en_US", "tags": ["Vendor Advisory"], "source": "support@hackerone.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Allows an authenticated attacker with network access to read arbitrary files on Endpoint Manager recently discovered on 2022 SU3 and all previous versions potentially leading to the leakage of sensitive information."}, {"lang": "es", "value": "Permite que un atacante autenticado con acceso a la red lea archivos arbitrarios en Endpoint Manager descubierto recientemente en 2022 SU3 y todas las versiones anteriores, lo que podr\u00eda provocar la fuga de informaci\u00f3n confidencial."}], "lastModified": "2023-10-25T00:14:42.067", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1F6549B-CF5D-4607-B67D-5489905A1705", "versionEndExcluding": "2022"}, {"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46580865-5177-4E55-BDAC-73DA4B472B35"}, {"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E57E12B5-B789-450C-9476-6C4C151E6993"}, {"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E47C65B3-56DD-4D65-8B4B-6AFFE28E94F2"}, {"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10D6EAB7-B14B-45E9-92B9-4FADFBBB08AF"}], "operator": "OR"}]}], "sourceIdentifier": "support@hackerone.com"}