vulnerability
Ivanti EPMM/MobileIron Core: CVE-2023-35082: Authentication Bypass Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Aug 2, 2023 | Aug 2, 2023 | Jan 19, 2024 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Aug 2, 2023
Added
Aug 2, 2023
Modified
Jan 19, 2024
Description
Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass. This is considered to be a patch bypass for CVE-2023-35078.
Update: As of 7th August Ivanti has found that this vulnerability impacts all versions of Ivanti Endpoint Manager Mobile (EPMM) 11.10, 11.9 and 11.8 and MobileIron Core 11.7 and below.
Solution
ivantiepmm-cve-2023-35082
References
- CVE-2023-35082
- https://attackerkb.com/topics/CVE-2023-35082
- URL-https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older
- URL-https://www.rapid7.com/blog/post/2023/08/02/cve-2023-35082-mobileiron-core-unauthenticated-api-access-vulnerability/
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.