
Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability

Released: Aug 10, 2023

Updated: Aug 10, 2023


Severity: High

Vendor: Ivanti

Attack Type: Vulnerability


Zero-day vulnerabilities exploited in the wild

Ivanti Endpoint Manager Mobile (EPMM, formerly MobileIron Core) contains an authentication bypass vulnerability (CVE-2023-35078) that allows unauthenticated access to specific API paths, and a path traversal vulnerability (CVE-2023-35081). An attacker with access to these API paths can read personally identifiable information (PII) such as names, phone numbers, and other mobile device details for users of a vulnerable system. An attacker can also make configuration changes, including installing software and modifying security profiles on registered devices.

Common Vulnerabilities and Exposures

CVE-2023-35081
CVE-2023-35078

Background

Ivanti Endpoint Manager Mobile (EPMM) is a mobile device management product used to manage mobile endpoints such as iOS and Android devices. Successful exploitation could lead to various security risks, including but not limited to:
  • Unauthorized access to sensitive information stored within Ivanti EPMM
  • Unauthorized administrative actions, compromising the integrity and availability of data and resources
  • Unintended disclosure of confidential data

Latest Development

Recent news and incidents related to cybersecurity threats, encompassing events such as data breaches, cyber-attacks, security incidents, and newly discovered vulnerabilities.


July 24, 2023: The Norwegian National Security Authority (NSM) has confirmed that attackers used a zero-day vulnerability in Ivanti's Endpoint Manager Mobile (EPMM) solution to breach a software platform used by 12 ministries in the country.

July 31, 2023: CISA issued an advisory regarding the vulnerabilities and added them to its Known Exploited Vulnerabilities (KEV) catalog.
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-213a


In response to the identified vulnerabilities, Ivanti has released patches for versions 11.8.1.1, 11.9.1.1, and 11.10.0:
CVE-2023-35081: https://forums.ivanti.com/s/article/KB-Arbitrary-File-Write-CVE-2023-35081
CVE-2023-35078: https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078


Aug 8, 2023: FortiGuard Labs released an IPS signature to address CVE-2023-35078 and detect any attack attempts. An IPS signature for CVE-2023-35081 is currently being investigated. It is strongly recommended to apply patches as per the vendor notes.

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • AV

  • AV (Pre-filter)

  • IPS

  • Web App Security

DETECT
  • Outbreak Detection

  • Threat Hunting

  • Content Update

RESPOND
  • Assisted Response Services

  • Automated Response

RECOVER
  • NOC/SOC Training

  • End-User Training

IDENTIFY
  • Attack Surface Hardening

  • Business Reputation

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.



Indicators of compromise

IOC Indicator List