[CDP-development] TLP:GREEN (Vulnerability Alert Notification) - CVE-2023-35082: Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability
CSS Security Operations Services * DAS
css-soc-services at das.oregon.gov
Thu Jan 18 14:09:42 PST 2024
Good afternoon,
The SOC Services team is reporting on the vulnerability: CVE-2023-35082: Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability. Due to its high visibility and knowledge of the software installed in the state environment, we are providing this in-depth information:
History: On January 18, 2024, CISA added CVE-2023-35082, a vulnerability with a CVSS score of 10.0, to the Known Exploited Vulnerabilities Catalog. Ivanti has stated, "This vulnerability only impacts EPMM / MobileIron Core. No other Ivanti products are affected."
The following products are affected:
* Ivanti Endpoint Manager Mobile (EPMM)
  * 11.10
  * 11.9
  * 11.8
* MobileIron Core 11.7 and below
Fixed version:
* 11.11.0.0 and higher
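A version triage check against the fixed release listed above, as an added example that is not part of the original alert. The hostnames and version strings are constructed, and the dotted-numeric version format is an assumption about how an inventory reports the product version.

```python
import re

# Fixed release named in the alert: 11.11.0.0 and higher.
FIXED = (11, 11, 0, 0)

def parse_version(text):
    """Return a 4-part integer tuple, or None if the string is not dotted-numeric."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,3}", text):
        return None
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))  # "11.9" -> (11, 9, 0, 0)

def triage(version_text):
    """Classify a reported EPMM / MobileIron Core version against the fixed release."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # unparsable: check the host by hand
    return "fixed" if v >= FIXED else "vulnerable"

def triage_inventory(inventory):
    """Map each host to its status; anything not 'fixed' needs follow-up."""
    return {host: triage(ver) for host, ver in inventory.items()}

# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE = {
    "mdm-a.example.org": "11.9",
    "mdm-b.example.org": "11.10.0.2",
    "mdm-c.example.org": "11.11.0.0",
    "mdm-d.example.org": "11.7.0.1",
    "mdm-e.example.org": "11.12",
    "mdm-f.example.org": "not reported",
}

if __name__ == "__main__":
    # Pitfall: as plain strings, "11.9" sorts after "11.11.0.0", so a text
    # comparison would report the affected 11.9 release as already fixed.
    assert "11.9" > "11.11.0.0"
    for host, status in sorted(triage_inventory(SAMPLE).items()):
        print(f"{host:20} {SAMPLE[host]:14} {status}")
```

Hosts reported as "unknown" should be treated as unverified rather than safe.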
Ivanti has released the following security advisory related to the vulnerability which can be found here: https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older?language=en_US
Intelligence: As of January 18, 2024, the vulnerability has been confirmed as being exploited in the wild.
Workarounds: There are no workarounds for this vulnerability.
How it works: An authentication bypass vulnerability in MobileIron Core version 11.2 and prior versions allows unauthorized users to access restricted functionality or resources of the application without proper authentication.
Post-Exploit: Upon successful exploitation of the vulnerability, an unauthorized user could gain access to restricted functionality or resources of the application.
As of January 16, 2024, the following vulnerability plugins have been released and are currently in Tenable Security Center:
| Plugin | Title | Severity |
|---|---|---|
| 179335 <https://www.tenable.com/plugins/nessus/179335> | Ivanti Endpoint Manager Mobile Remote Unauthenticated API Access (CVE-2023-35082) | Critical |
| 179336 <https://www.tenable.com/plugins/nessus/179336> | Ivanti Endpoint Manager Mobile < 11.3 Remote Unauthenticated API Access (CVE-2023-35082) | Critical |
Recommended Actions:
* Verify host has not been compromised before applying patches.
* Apply appropriate updates provided by vendor to vulnerable systems immediately after appropriate testing.
* Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
* Apply the Principle of Least Privilege to all systems and services.
Cyber Security Services
State of Oregon Cyber Security Services
Enterprise Information Services | SOC
Cyber Security Services (CSS)
SOC Hotline: (503) 378-5930 | SOC Services (503) 373-0378
"Ensuring user-friendly, reliable and secure state technology systems that serve Oregonians."