Security News > 2023 > August > Ivanti discloses new critical auth bypass bug in MobileIron Core
IT software company Ivanti disclosed today a new critical security vulnerability in its MobileIron Core mobile device management software.
"MobileIron Core 11.2 has been out of support since March 15, 2022. Therefore, Ivanti will not be issuing a patch or any other remediations to address this vulnerability in 11.2 or earlier versions. Upgrading to the latest version of Ivanti Endpoint Manager Mobile is the best way to protect your environment from threats," the company said.
"This vulnerability does not affect any version of Ivanti Endpoint Manager or MobileIron Core 11.3 and above, or Ivanti Neurons for MDM. Our Support team is always available to help customers to upgrade," Ivanti said in a separate security advisory.
Cybersecurity firm Rapid7, which discovered and reported the bug, provides indicators of compromise to help defenders detect signs of a CVE-2023-35082 attack and urges Ivanti customers to update MobileIron Core software to the latest version immediately.
Ivanti patches MobileIron zero-day bug exploited in attacks.
CISA issues new warning on actively exploited Ivanti MobileIron bugs.
News URL
Related news
- Critical Ivanti vTM auth bypass bug now exploited in attacks (source)
- Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847) (source)
- Exploit code released for critical Ivanti RCE flaw, patch now (source)
- GitLab releases fix for critical SAML authentication bypass flaw (source)
- GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions (source)
- Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488) (source)
- Ivanti warns of another critical CSA flaw exploited in attacks (source)
- Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks (source)
- MFA bypass becomes a critical security issue as ransomware tactics advance (source)
- CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-15 | CVE-2023-35082 | Improper Authentication vulnerability in Ivanti Endpoint Manager Mobile An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. | 9.8 |