CVE-2023-35078 is a remote unauthenticated API access vulnerability in Ivanti Endpoint Manager Mobile, which was previously branded as MobileIron Core. The vulnerability has a CVSS v3 base score of 10.0 and has a severity rating of Critical.
Ivanti has reported that they have received information from a credible source indicating active exploitation of CVE-2023-35078. A vendor supplied patch to remediate CVE-2023-35078 was released on July 24, 2023.
Background
Ivanti Endpoint Manager Mobile (EPMM) is used to configure and manage mobile devices and enforce security policies on those devices. According to Ivanti’s advisory, if exploited, CVE-2023-35078 enables an unauthorized, remote (internet-facing) actor to potentially access users’ personally identifiable information and make limited changes to the server.
On July 24, 2023, the Norwegian National Security Authority (NSM) released a statement that CVE-2023-35078 was used in a zero-day attack to successfully compromise the Norwegian Security and Service Organization (DSS). Additionally, the US Cybersecurity & Infrastructure Security Agency (CISA) has also released an advisory for the vulnerability as well as adding the vulnerability to their Known Exploited vulnerabilities (KEV) catalog.
According to CISA’s advisory, the vulnerability allows a remote unauthenticated attacker to access personally identifiable information (PII) and add an administrator account on the affected EPMM server, to allow for further system compromise.
The Shadowserver project has listed 2,729 IP addresses on the internet that remain ..
Support the originator by clicking the read the rest link below.
