CVE-2023-35078
Ivanti Endpoint Manager Mobile Authentication Bypa - [Actively Exploited]
Description
An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.
INFO
Published Date :
July 25, 2023, 7:15 a.m.
Last Modified :
Aug. 14, 2024, 7:49 p.m.
Source :
[email protected]
Remotely Exploitable :
Yes !
Impact Score :
5.9
Exploitability Score :
3.9
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Ivanti Endpoint Manager Mobile (EPMM, previously branded MobileIron Core) contains an authentication bypass vulnerability that allows unauthenticated access to specific API paths. An attacker with access to these API paths can access personally identifiable information (PII) such as names, phone numbers, and other mobile device details for users on a vulnerable system. An attacker can also make other configuration changes including installing software and modifying security profiles on registered devices.
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability?language=en_US
Public PoC/Exploit Available at Github
CVE-2023-35078 has a 12 public PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2023-35078.
| URL | Resource |
|---|---|
| https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability | Vendor Advisory |
| https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078 | Exploit Patch Vendor Advisory |
| https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078 | Third Party Advisory US Government Resource |
| https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability | Vendor Advisory |
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
CVE-2023-35078 Remote Unauthenticated API Access vulnerability has been discovered in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core.
Python
Ivanti Endpoint Manager Mobile (EPMM) POC
Python
PoC. Severity critical.
Shell Ruby Python PHP
PoC. Severity critical.
cve-2023-1671 cve-2023-27350 cve-2023-2868 cve-2023-3519 cve-2023-34960 exploit poc cve-2023-28121 cve-2023-28771 cve-2023-35885 cve-2023-38646 cve-2023-34124 citrix sonicwall cve-2023-4596 cve-2023-26469 cve-2023-23333 ivanti cve-2023-40044 cve-2023-22515
Shell Python Ruby PHP
Remote Unauthenticated API Access Vulnerability in MobileIron Core 11.2 and older
Python
Nmap script to exploit CVE-2023-35078 - Mobile Iron Core
Lua
Easy and non-intrusive script to check for CVE-2023-35078
Python
Tools to scanner & exploit cve-2023-35078
cve-2023-35078
Go
Proof of concept script to check if the site is vulnerable to CVE-2023-35078
Shell
CVE-2023-35078 Remote Unauthenticated API Access Vulnerability Exploit POC
Python
A list of dorks for the Netlas.io search engine, with which you can find millions of objects in the boundless IoE. Contains queries to search for IoT elements, protocols, communication tools, remote access, and more. Over time, the list will grow.
osint penetration-testing security-tools
Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.
cisa-kev vulnerability 0day cisa exploits
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2023-35078 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2023-35078 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Modified Analysis by [email protected]
Aug. 14, 2024
Action Type Old Value New Value Changed Reference Type https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078 Patch, Vendor Advisory https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078 Exploit, Patch, Vendor Advisory -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Aug. 01, 2024
Action Type Old Value New Value Added CWE CISA-ADP CWE-287 -
Modified Analysis by [email protected]
Jun. 27, 2024
Action Type Old Value New Value -
CVE Modified by [email protected]
May. 14, 2024
Action Type Old Value New Value -
CVE Modified by [email protected]
Nov. 28, 2023
Action Type Old Value New Value Changed Description Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available. An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication. Removed CWE HackerOne CWE-287 Added CVSS V3 HackerOne AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Removed CVSS V3.1 HackerOne AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H -
Initial Analysis by [email protected]
Aug. 04, 2023
Action Type Old Value New Value Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Changed Reference Type https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability No Types Assigned https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability Vendor Advisory Changed Reference Type https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078 No Types Assigned https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078 Patch, Vendor Advisory Changed Reference Type https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078 No Types Assigned https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078 Third Party Advisory, US Government Resource Changed Reference Type https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability No Types Assigned https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability Vendor Advisory Added CWE NIST CWE-287 Added CPE Configuration OR *cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:* versions up to (including) 11.10
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2023-35078 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2023-35078
weaknesses.
Exploit Prediction
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.
97.09 }} 0.05%
score
0.99818
percentile