Ivanti discloses new critical auth bypass bug in MobileIron Core
2023-08-02 20:49

IT software company Ivanti disclosed today a new critical security vulnerability in its MobileIron Core mobile device management software.

"MobileIron Core 11.2 has been out of support since March 15, 2022. Therefore, Ivanti will not be issuing a patch or any other remediations to address this vulnerability in 11.2 or earlier versions. Upgrading to the latest version of Ivanti Endpoint Manager Mobile is the best way to protect your environment from threats," the company said.

"This vulnerability does not affect any version of Ivanti Endpoint Manager or MobileIron Core 11.3 and above, or Ivanti Neurons for MDM. Our Support team is always available to help customers to upgrade," Ivanti said in a separate security advisory.

Cybersecurity firm Rapid7, which discovered and reported the bug, provides indicators of compromise to help defenders detect signs of a CVE-2023-35082 attack and urges Ivanti customers to update MobileIron Core software to the latest version immediately.


News URL

https://www.bleepingcomputer.com/news/security/ivanti-discloses-new-critical-auth-bypass-bug-in-mobileiron-core/

Related Vulnerability

DATE: 2023-08-15
CVE: CVE-2023-35082
VULNERABILITY TITLE: Improper Authentication vulnerability in Ivanti Endpoint Manager Mobile
An authentication bypass vulnerability in Ivanti EPMM 11.10 and older allows unauthorized users to access restricted functionality or resources of the application without proper authentication.
RISK: critical, 9.8 (network, low complexity, ivanti, CWE-287)

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Ivanti 26 9 64 115 60 248
Mobileiron 8 0 4 2 3 9