vulnerability
Ivanti EPMM/MobileIron Core: CVE-2023-35082: Authentication Bypass Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 2023-08-02 | 2023-08-02 | 2024-01-19 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
2023-08-02
Added
2023-08-02
Modified
2024-01-19
Description
Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass. This is considered to be a patch bypass for CVE-2023-35078.
Update: As of 7th August Ivanti has found that this vulnerability impacts all versions of Ivanti Endpoint Manager Mobile (EPMM) 11.10, 11.9 and 11.8 and MobileIron Core 11.7 and below.
Solution
ivantiepmm-cve-2023-35082
References
- CVE-2023-35082
- https://attackerkb.com/topics/CVE-2023-35082
- URL-https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older
- URL-https://www.rapid7.com/blog/post/2023/08/02/cve-2023-35082-mobileiron-core-unauthenticated-api-access-vulnerability/
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.