Other official information and services: www.belgium.be

WARNING: Critical vulnerability in Ivanti Endpoint Manager Mobile (formerly MobileIron Core)

Reference:

Advisory #2023-85

Affected software:

Ivanti Endpoint Manager Mobile versions 11.10, 11.9 and 11.8

Older versions/releases are also at risk

Type:

Remote Unauthenticated API Access

CVE/CVSS:

CVE-2023-35078

Date:

25/07/2023

Sources

Ivanti - https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability?language=en_US

Risks

The vulnerability has a HIGH impact on Confidentiality, Integrity, and Availability. Authentication, and user interaction are not required to exploit this vulnerability and the attack complexity is low.

Furthermore, this vulnerability is now being actively exploited in attacks.

Description

CVE-2023-35078: Remote Unauthenticated API Access

This authentication bypass vulnerability affects Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core.

An attacker can exploit this vulnerability to access the users’ personally identifiable information and make limited changes to the server.

Recommended Actions

The Centre for Cyber Security Belgium strongly recommends system administrators to visit Ivantis’s Customer Portal to download and install the patched versions of this software.

Ivanti’s Customer Portal: https://success.ivanti.com/Community_RegStep1_Page?inst=Do&startURL=%2Fservlet%2Fnetworks%2Fswitch%3FnetworkId%3D0DB1B000000PBGy%26startURL%3D%2Fs%2Farticle%2FKB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078

References

Bleeping computer - https://www.bleepingcomputer.com/news/security/ivanti-patches-mobileiron-zero-day-bug-exploited-in-attacks/ & https://www.bleepingcomputer.com/news/security/norway-says-ivanti-zero-day-was-used-to-hack-govt-it-systems/

Cyberplace - https://cyberplace.social/@GossiTheDog/110769716667847266