CVE-2023-35078

Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

Act

*SSVC

Descriptions

NVD
CISA

An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.

Ivanti Endpoint Manager Mobile (EPMM, previously branded MobileIron Core) contains an authentication bypass vulnerability that allows unauthenticated access to specific API paths. An attacker with access to these API paths can access personally identifiable information (PII) such as names, phone numbers, and other mobile device details for users on a vulnerable system. An attacker can also make other configuration changes including installing software and modifying security profiles on registered devices.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Act

Exploitation

Active

Automatable

Yes

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2023-06-13 CVE Reserved
2023-07-25 CVE Published
2023-07-25 Exploited in Wild
2023-07-29 First Exploit
2023-08-15 KEV Due Date
2024-08-02 CVE Updated
2024-10-16 EPSS Updated

CWE

CWE-287: Improper Authentication

CAPEC

References (11)

URL	Tag	Source
https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078	Third Party Advisory

URL	Date	SRC
https://github.com/vchan-in/CVE-2023-35078-Exploit-POC	2023-07-29
https://github.com/raytheon0x21/CVE-2023-35078	2023-08-27
https://github.com/emanueldosreis/nmap-CVE-2023-35078-Exploit	2023-08-01
https://github.com/lager1/CVE-2023-35078	2023-07-29
https://github.com/0nsec/CVE-2023-35078	2024-03-29
https://github.com/Blue-number/CVE-2023-35078	2023-08-30
https://github.com/synfinner/CVE-2023-35078	2023-07-31

URL	Date	SRC
https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078	2024-06-27

URL	Date	SRC
https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability	2024-06-27
https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability	2024-06-27

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Ivanti Search vendor "Ivanti"		Endpoint Manager Mobile Search vendor "Ivanti" for product "Endpoint Manager Mobile"				<= 11.10 Search vendor "Ivanti" for product "Endpoint Manager Mobile" and version " <= 11.10"		-		Affected