Ivanti Endpoint Manager Mobile (EPMM, previously branded MobileIron Core) has the following vulnerabilities:
- CVE-2023-35078 allows unauthenticated access to specific API paths.
- CVE-2023-35081 allows for traversing throughout the directory structure.
- CVE-2023-25082 a bypass for the original patch.
An attacker with access to these API paths can access personally identifiable information (PII), such as names, phone numbers, and other mobile device details. They can also make other configuration changes, including creating an EPMM administrative account that can make further changes to a vulnerable system.
Ivanti reports that they have received information from a credible source indicating active exploitation of this vulnerability.
This vulnerability affects supported EPMM versions 11.10, 11.9, and 11.8. Older, unsupported versions are also affected.
What To Do
Ivanti has released patches and provided support resources for customers. CISA urges users and organizations to review Ivanti’s Security Advisory and knowledge base article (login required) and apply the necessary patches.
- Search Patching Cadence findings for Confirmed Exposure to CVE-2023-35078. It means the vulnerability is impacting Ivanti MobileIron.
- Use Vulnerability Detection to search for Suspected Exposure to CVE-2023-35078. It means a version of Ivanti MobileIron is vulnerable.
Resources
- Ivanti, “CVE-2023-35078 - Remote Unauthenticated API Access Vulnerability”
- CISA, “Ivanti Releases Security Updates for Endpoint Manager Mobile (EPMM) CVE-2023-35078”
- CISA, “Ivanti Releases Security Updates for EPMM to address CVE-2023-35081”
- Duo Security, “New Ivanti MobilIron Core Bug Emerges”
- August 8, 2023: Search Patching Cadence findings & Vulnerability Detection.
- August 3, 2023: CVE-2023-25082 a bypass for the original patch.
- July 31, 2023: Security update & CVE-2023-35081.
Feedback
0 comments
Please sign in to leave a comment.