Authentication Bypass in Ivanti Endpoint Manager Mobile
CVE-2023-35078

9.8CRITICAL

Key Information:

Vendor
Ivanti
Status
Endpoint Manager Mobile
Vendor
CVE Published:
25 July 2023

Badges

πŸ’° RansomwareπŸ‘Ύ Exploit Exists🟑 Public PoC🟣 EPSS 96%πŸ¦… CISA ReportedπŸ“° News Worthy

Summary

The authentication bypass vulnerability in Ivanti Endpoint Manager Mobile (EPMM) potentially allows unauthorized users to access restricted application functionality and resources without proper authentication. This flaw emphasizes the importance of ensuring robust access controls and securing API endpoints to prevent unauthorized exploitation.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited and is known by the CISA as enabling ransomware campaigns.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Endpoint Manager Mobile 11.10

Endpoint Manager Mobile 11.10

Endpoint Manager Mobile 11.9

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-35078-Exploit-POC
Created by vchan-in

CVE-2023-35078
Created by raytheon0x21

CVE-2023-35078
Created by lager1

News Articles

favicon imageThe Hacker News

Researchers Discover Bypass for Recently Patched Critical Ivanti EPMM Vulnerability

Researchers discover bypass for a recently fixed vulnerability in Ivanti Endpoint Manager Mobile (EPMM).

favicon imageHelp Net Security

Ivanti discloses another vulnerability in MobileIron Core (CVE-2023-35082) - Help Net Security

Ivanti has disclosed a new critical vulnerability (CVE-2023-35082) affecting out-of-support versions of MobileIron Core (Ivanti EPMM).

References

https://forums.ivanti.com/s/article/CVE-2023-35078-Remote...
https://forums.ivanti.com/s/article/KB-Remote-unauthentic...
https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti...

EPSS Score

96% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟑

    Public PoC available

  • πŸ“°

    First article discovered by Infosecurity Magazine

  • πŸ’°

    Used in Ransomware

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ¦…

    CISA Reported

  • Vulnerability published

  • Vulnerability Reserved

.