Cybersecurity scientists have discovered a bypass for a just lately fastened actively exploited vulnerability in some variations of Ivanti Endpoint Manager Cell (EPMM), prompting Ivanti to issue a new spherical of patches.
Tracked as CVE-2023-35082 (CVSS score: 10.) and found out by Fast7, the issue “makes it possible for unauthenticated attackers to access the API in older unsupported versions of MobileIron Core (11.2 and below).”
“If exploited, this vulnerability enables an unauthorized, distant (internet-experiencing) actor to probably entry users’ personally identifiable information and make constrained adjustments to the server,” Ivanti reported in an advisory released on August 2, 2023.
Rapid7 security researcher Stephen Fewer explained, “CVE-2023-35082 occurs from the very same spot as CVE-2023-35078, specially the permissive nature of sure entries in the mifs web application’s security filter chain.”
With the hottest disclosure, Ivanti has patched a full of 3 security flaws impacting its EPMM item in quick succession inside of a span of two weeks.
It also arrives as cybersecurity organizations from Norway and the U.S. disclosed that CVE-2023-35078 and CVE-2023-35081 have been exploited by unnamed country-state groups at the very least since April 2023 to drop web shells and gain persistent distant access to compromised techniques.
- CVE-2023-35078 (CVSS score: 10.) – An authentication bypass vulnerability in Ivanti EPMM will allow unauthorized end users to obtain restricted performance or sources of the software devoid of right authentication.
- CVE-2023-35081 (CVSS rating: 7.2) – A route traversal vulnerability is found in Ivanti EPMM that makes it possible for an attacker to create arbitrary documents onto the equipment.
Even though there is no evidence of active exploitation of CVE-2023-35082 in the wild, it’s recommended that users up grade to the most up-to-date supported version to secure in opposition to possible threats.
“MobileIron Core 11.2 has been out of aid considering that March 15, 2022,” Ivanti stated. “Consequently, Ivanti will not be issuing a patch or any other remediations to deal with this vulnerability in 11.2 or earlier versions.”
Found this write-up attention-grabbing? Stick to us on Twitter and LinkedIn to study extra special content material we article.
Some components of this post are sourced from: