Known Exploited Vulnerability
9.8
CRITICAL
CVE-2023-35078
Ivanti Endpoint Manager Mobile Authentication Bypa - [Actively Exploited]
Description

An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.

INFO

Published Date :

July 25, 2023, 7:15 a.m.

Last Modified :

Aug. 14, 2024, 7:49 p.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

3.9
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Ivanti Endpoint Manager Mobile (EPMM, previously branded MobileIron Core) contains an authentication bypass vulnerability that allows unauthenticated access to specific API paths. An attacker with access to these API paths can access personally identifiable information (PII) such as names, phone numbers, and other mobile device details for users on a vulnerable system. An attacker can also make other configuration changes including installing software and modifying security profiles on registered devices.

Required Action :

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Notes :

https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability?language=en_US

Public PoC/Exploit Available at Github

CVE-2023-35078 has a 12 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2023-35078 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Ivanti endpoint_manager_mobile
: Total Affected Vendor : 1 | Products : 1
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2023-35078.

URL Resource
https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability Vendor Advisory
https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078 Exploit Patch Vendor Advisory
https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078 Third Party Advisory US Government Resource
https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
0nsec/CVE-2023-35078

CVE-2023-35078 Remote Unauthenticated API Access vulnerability has been discovered in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core.

Python

Updated: 6 months, 1 week ago
1 stars 0 fork 0 watcher
Born at : March 29, 2024, 2:15 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
Blue-number/CVE-2023-35078

Ivanti Endpoint Manager Mobile (EPMM) POC

Python

Updated: 1 year, 2 months ago
0 stars 0 fork 0 watcher
Born at : Aug. 30, 2023, 2:36 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
iluaster/getdrive_PoC

PoC. Severity critical.

Shell Ruby Python PHP

Updated: 1 year, 3 months ago
0 stars 1 fork 1 watcher
Born at : Aug. 10, 2023, 8:31 p.m. This repo has been linked 18 different CVEs too.
Profile Photo
getdrive/PoC

PoC. Severity critical.

cve-2023-1671 cve-2023-27350 cve-2023-2868 cve-2023-3519 cve-2023-34960 exploit poc cve-2023-28121 cve-2023-28771 cve-2023-35885 cve-2023-38646 cve-2023-34124 citrix sonicwall cve-2023-4596 cve-2023-26469 cve-2023-23333 ivanti cve-2023-40044 cve-2023-22515

Shell Python Ruby PHP

Updated: 2 months, 2 weeks ago
67 stars 17 fork 17 watcher
Born at : Aug. 5, 2023, 11:02 a.m. This repo has been linked 38 different CVEs too.
Profile Photo
Chocapikk/CVE-2023-35082

Remote Unauthenticated API Access Vulnerability in MobileIron Core 11.2 and older

Python

Updated: 3 months, 1 week ago
2 stars 0 fork 0 watcher
Born at : Aug. 4, 2023, 4:25 p.m. This repo has been linked 2 different CVEs too.
Profile Photo
emanueldosreis/nmap-CVE-2023-35078-Exploit

Nmap script to exploit CVE-2023-35078 - Mobile Iron Core

Lua

Updated: 5 months, 2 weeks ago
2 stars 0 fork 0 watcher
Born at : Aug. 1, 2023, 3:41 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
synfinner/CVE-2023-35078

Easy and non-intrusive script to check for CVE-2023-35078

Python

Updated: 1 year, 3 months ago
0 stars 0 fork 0 watcher
Born at : July 31, 2023, 6:21 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
raytheon0x21/CVE-2023-35078

Tools to scanner & exploit cve-2023-35078

cve-2023-35078

Go

Updated: 10 months ago
6 stars 0 fork 0 watcher
Born at : July 31, 2023, 2:24 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
lager1/CVE-2023-35078

Proof of concept script to check if the site is vulnerable to CVE-2023-35078

Shell

Updated: 9 months, 1 week ago
4 stars 2 fork 2 watcher
Born at : July 29, 2023, 7:58 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
vchan-in/CVE-2023-35078-Exploit-POC

CVE-2023-35078 Remote Unauthenticated API Access Vulnerability Exploit POC

Python

Updated: 2 months, 3 weeks ago
117 stars 27 fork 27 watcher
Born at : July 29, 2023, 5:06 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
netlas-io/netlas-dorks

A list of dorks for the Netlas.io search engine, with which you can find millions of objects in the boundless IoE. Contains queries to search for IoT elements, protocols, communication tools, remote access, and more. Over time, the list will grow.

osint penetration-testing security-tools

Updated: 2 months, 2 weeks ago
173 stars 20 fork 20 watcher
Born at : April 17, 2023, 10:27 a.m. This repo has been linked 64 different CVEs too.
Profile Photo
Ostorlab/KEV

Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.

cisa-kev vulnerability 0day cisa exploits

Updated: 2 months, 2 weeks ago
516 stars 32 fork 32 watcher
Born at : April 19, 2022, 8:58 a.m. This repo has been linked 1181 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2023-35078 vulnerability anywhere in the article.

  • security.nl
VS publiceert overzicht van meest misbruikte kwetsbaarheden in 2023

De Amerikaanse autoriteiten hebben samen met cyberagentschappen uit Australië, Canada, Nieuw-Zeeland en het Verenigd Koninkrijk een overzicht van de meest misbruikte kwetsbaarheden in 2023 opgesteld. ... Read more

Published Date: Nov 12, 2024 (1 week, 2 days ago)
CVE-2023-6448 CVE-2023-49103 CVE-2023-22518 CVE-2023-20273 CVE-2023-20198 CVE-2023-4966 CVE-2023-44487 CVE-2023-22515 CVE-2023-42793 CVE-2023-41064 ...+36 more CVE

The following table lists the changes that have been made to the CVE-2023-35078 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Modified Analysis by [email protected]

    Aug. 14, 2024

    Action Type Old Value New Value
    Changed Reference Type https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078 Patch, Vendor Advisory https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078 Exploit, Patch, Vendor Advisory
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Aug. 01, 2024

    Action Type Old Value New Value
    Added CWE CISA-ADP CWE-287
  • Modified Analysis by [email protected]

    Jun. 27, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Nov. 28, 2023

    Action Type Old Value New Value
    Changed Description Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available. An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.
    Removed CWE HackerOne CWE-287
    Added CVSS V3 HackerOne AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    Removed CVSS V3.1 HackerOne AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Initial Analysis by [email protected]

    Aug. 04, 2023

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability No Types Assigned https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability Vendor Advisory
    Changed Reference Type https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078 No Types Assigned https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078 Patch, Vendor Advisory
    Changed Reference Type https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078 No Types Assigned https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078 Third Party Advisory, US Government Resource
    Changed Reference Type https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability No Types Assigned https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability Vendor Advisory
    Added CWE NIST CWE-287
    Added CPE Configuration OR *cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:* versions up to (including) 11.10
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-35078 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2023-35078 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

96.78 }} -0.16%

score

0.99720

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
: