Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability
Zero-day vulnerabilities exploited in the wild
Ivanti Endpoint Manager Mobile (EPMM, formerly MobileIron Core) contains an authentication bypass vulnerability (CVE-2023-35078) that allows unauthenticated access to specific API paths and a path traversal vulnerability (CVE-2023-35081). An attacker with access to these API paths can access personally identifiable information (PII) such as names, phone numbers, and other mobile device details for users on a vulnerable system. An attacker can also make other configuration changes including installing software and modifying security profiles on registered devices.
Common Vulnerabilities and Exposures
Background
Ivanti Endpoint Manager Mobile (EPMM) is software used to manage endpoints, specifically mobile devices running iOS, Android, etc. Successful exploitation could lead to various security risks, including but not limited to:
- Unauthorized access to sensitive information stored within Ivanti EPMM
- Unauthorized administrative actions, compromising the integrity and availability of the data and resources
- Unintended disclosure of confidential data
Threat Radar Overall Score: 3.8
CVSS Rating | 9.0
FortiRecon Score | 90/100
Known Exploited | Yes
Exploit Prediction Score | 96.6%
FortiGuard Telemetry | 263
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
July 24, 2023: The Norwegian National Security Authority (NSM) has confirmed that attackers used a zero-day vulnerability in Ivanti's Endpoint Manager Mobile (EPMM) solution to breach a software platform used by 12 ministries in the country.
July 31, 2023: CISA issued an advisory regarding the vulnerabilities and added them to its Known Exploited Vulnerabilities (KEV) list.
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-213a
In response to the identified vulnerabilities, Ivanti has released patches for versions 11.8.1.1, 11.9.1.1, and 11.10.0.
CVE-2023-35081: https://forums.ivanti.com/s/article/KB-Arbitrary-File-Write-CVE-2023-35081
CVE-2023-35078: https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078
Aug 8, 2023: FortiGuard Labs released an IPS signature to address the vulnerability (CVE-2023-35078) and detect any attack attempts. An IPS signature for the vulnerability (CVE-2023-35081) is currently being investigated. It is strongly recommended to apply patches as per vendor notes.
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
AV: Detects known malware related to Ivanti Endpoint Manager Mobile (CVE-2023-35078 and CVE-2023-35081)
AV (Pre-filter): Detects known malware related to Ivanti Endpoint Manager Mobile (CVE-2023-35078 and CVE-2023-35081)
IPS: Detects and blocks attack attempts targeting Ivanti Endpoint Manager Mobile (CVE-2023-35078)
Web App Security: Detects and blocks attack attempts targeting Ivanti Endpoint Manager Mobile (CVE-2023-35078)
Outbreak Detection
Threat Hunting
Content Update
Assisted Response Services: Experts to assist you with analysis, containment and response activities.
Automated Response: Services that can automatically respond to this outbreak.
NOC/SOC Training: Train your network and security professionals and optimize your incident response to stay on top of cyberattacks.
End-User Training: Raise security awareness among your employees, who are continuously being targeted by phishing, drive-by downloads and other forms of cyberattacks.
Attack Surface Hardening: Check Security Fabric devices to build actionable configuration recommendations and key indicators.
Business Reputation: Know the attackers' next move to protect your business branding.
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.