Ivanti EPMM and MobileIron Core vulnerability is actively exploited, CISA confirms (CVE-2023-35082)
A previously patched critical vulnerability affecting Ivanti Endpoint Manager Mobile and MobileIron Core is being actively exploited, the Cybersecurity and Infrastructure Security Agency has confirmed by adding the vulnerability to its Known Exploited Vulnerabilities Catalog.
It is not known whether the vulnerability is being exploited by ransomware groups, and CISA does not publish specific information about attacks in which the vulnerabilities in the KEV catalog are exploited.
CVE-2023-35082 is a remote unauthenticated API access vulnerability that can be exploited by unauthorized, remote threat actors to obtain users' personally identifiable information and make alterations to the server.
The flaw was discovered and reported by Rapid7 in early August 2023. Rapid7 considers it a patch bypass for CVE-2023-35078, another authentication bypass vulnerability in Ivanti EPMM. CVE-2023-35082 was initially believed to affect only MobileIron Core versions 11.2 and prior, but Ivanti soon confirmed that it affects all versions of Ivanti Endpoint Manager Mobile 11.10, 11.9 and 11.8 and MobileIron Core 11.7 and below.
Ivanti first provided an RPM script for versions 11.10 to 11.3 as a temporary mitigation, and later included a fix in EPMM v11.11.
Ivanti has recently disclosed two zero-days affecting its Connect Secure VPN devices that are also being exploited by attackers.
News URL
https://www.helpnetsecurity.com/2024/01/19/exploited-cve-2023-35082/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-15 | CVE-2023-35082 | Improper Authentication vulnerability in Ivanti Endpoint Manager Mobile. An authentication bypass vulnerability in Ivanti EPMM 11.10 and older allows unauthorized users to access restricted functionality or resources of the application without proper authentication. | 9.8 |
2023-07-25 | CVE-2023-35078 | Improper Authentication vulnerability in Ivanti Endpoint Manager Mobile. An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication. | 9.8 |