CVE-2023-35078: Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability
First published: Tue Jul 25 2023(Updated: )
Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.
Credit: support@hackerone.com support@hackerone.com support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ivanti Endpoint Manager Mobile | <=11.10 | |
| Ivanti Endpoint Manager Mobile | =11.10 | |
| Ivanti Endpoint Manager Mobile | =11.9 | |
| Ivanti Endpoint Manager Mobile | =11.8 | |
| MobileIron Core | =11.7 and below | |
Remedy
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078
- https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability
- https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability
- https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078
- https://www.bleepingcomputer.com/news/security/cisa-critical-ivanti-auth-bypass-bug-now-actively-exploited/
- https://www.bleepingcomputer.com/news/security/ivanti-connect-secure-zero-days-now-under-mass-exploitation/
- https://www.bleepingcomputer.com/news/security/ivanti-warns-of-critical-flaws-in-its-avalanche-mdm-solution/
- https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability?language=en_US;
- https://nvd.nist.gov/vuln/detail/CVE-2023-35078
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-35078.
What is the title of the vulnerability?
The title of the vulnerability is Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability.
What is the severity of CVE-2023-35078?
The severity of CVE-2023-35078 is critical.
What is affected by CVE-2023-35078?
Ivanti Endpoint Manager Mobile (EPMM) versions up to and including 11.10 are affected by CVE-2023-35078.
How can an attacker exploit CVE-2023-35078?
An attacker can exploit CVE-2023-35078 by bypassing authentication and gaining unauthenticated access to specific API paths, allowing them to access personally identifiable information (PII).
Are there any security updates available for CVE-2023-35078?
Yes, Ivanti has released security updates for Endpoint Manager Mobile (EPMM) to address CVE-2023-35078.
- collector/nvd-latest
- collector/nvd-index
- agent/author
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/title
- agent/weakness
- agent/severity
- agent/description
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2023-35082
- alias/CVE-2023-46805
- alias/CVE-2024-21887
- alias/CVE-2021-22893
- alias/CVE-2023-35078
- alias/CVE-2023-35081
- alias/CVE-2023-38035
- agent/news-ai
- agent/software-canonical-lookup
- alias/CVE-2024-24996
- alias/CVE-2024-29204
- alias/CVE-2023-32560
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- exploited/true
- ransomware/true
- collector/cisa-known-exploited
- source/CISA
- agent/references
- agent/softwarecombine
- agent/event
- agent/tags
- collector/nvd-cve
- vendor/ivanti
- canonical/ivanti endpoint manager mobile
- version/ivanti endpoint manager mobile/11.10
- version/ivanti endpoint manager mobile/11.9
- version/ivanti endpoint manager mobile/11.8
- vendor/mobileiron
- canonical/mobileiron core
- version/mobileiron core/11.7 and below
- canonical/ivanti endpoint manager mobile (epmm)