vulnerability
Ivanti EPMM/MobileIron Core: CVE-2023-35082: Authentication Bypass Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Aug 2, 2023 | Aug 2, 2023 | Jan 19, 2024 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Aug 2, 2023
Added
Aug 2, 2023
Modified
Jan 19, 2024
Description
Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass. This is considered to be a patch bypass for CVE-2023-35078.
Update: As of 7th August Ivanti has found that this vulnerability impacts all versions of Ivanti Endpoint Manager Mobile (EPMM) 11.10, 11.9 and 11.8 and MobileIron Core 11.7 and below.
Solution
ivantiepmm-cve-2023-35082
References
- CVE-2023-35082
- https://attackerkb.com/topics/CVE-2023-35082
- https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older
- https://www.rapid7.com/blog/post/2023/08/02/cve-2023-35082-mobileiron-core-unauthenticated-api-access-vulnerability/
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.