overview
A critical vulnerability with a CVSS score of 10 was discovered in outdated versions of Ivanti's MobileIron Core, now known as Ivanti Endpoint Manager Mobile (EPMM). The vulnerability is being tracked as CVE-2023-35082 and is a remote unauthenticated API access vulnerability. This flaw could potentially give an attacker access to users' personally identifiable information and enable them to make unauthorized modifications within the server.
According to Ivanti, CVE-2023-35082 was unintentionally fixed in MobileIron Core 11.3 during the process of addressing a product bug. Prior to this, it had not been identified as a vulnerability. Rapid7 found that CVE-2023-35082 comes from the same issue as CVE-2023-35078. It's related to certain entries in the mifs web application's security filter chain being too permissive. Because of this, the new vulnerability acts as a way to bypass the patch for CVE-2023-35078 in versions 11.2 and below of the product. Additionally, if there is another vulnerability in the API, an attacker can chain the vulnerabilities together.
As of March 15, 2022, MobileIron Core 11.2 is no longer supported, and Ivanti will not provide a patch or any fixes for this vulnerability in version 11.2 or older. Ivanti is actively assisting their customers in upgrading to the latest version of Ivanti Endpoint Manager Mobile (EPMM) or migrating to the cloud version of the product, Ivanti Neurons for MDM.
INDICATORS OF COMPROMISE (IoCs)
At this time, there are no known IoCs associated with CVE-2023-35082. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.
SUPPORTING DOCUMENTATION