Active Exploitation of New Vulnerability in Ivanti Endpoint Manager Mobile

July 30, 2023

Ivanti has reported a new vulnerability in its Endpoint Manager Mobile (EPMM), previously known as MobileIron Core. The vulnerability, tracked as CVE-2023-35081, allows an authenticated administrator to write arbitrary files to the EPMM server. The company's advisory states, “CVE-2023-35081 enables an authenticated administrator to perform arbitrary file writes to the EPMM server.” It further explains that an attacker can chain this vulnerability with another, CVE-2023-35078, to bypass administrator authentication and ACL restrictions.

The advisory continues, “Successful exploitation can be used to write malicious files to the appliance, ultimately allowing a malicious actor to execute OS commands on the appliance as the tomcat user.” At present, Ivanti is aware of only a limited number of customers impacted by both CVE-2023-35081 and CVE-2023-35078. The vulnerabilities affect supported versions 11.10, 11.9, and 11.8 of EPMM; older versions and releases are also at risk.

This week, the US Cybersecurity and Infrastructure Security Agency (CISA) added the actively exploited Ivanti EPMM vulnerability, CVE-2023-35078, to its Known Exploited Vulnerabilities Catalog. This vulnerability is an authentication bypass issue affecting Ivanti Endpoint Manager Mobile (EPMM) mobile device management software. An unauthorized user can exploit the flaw to gain access to restricted functionality or resources of the application without the necessary authentication.

The zero-day vulnerability, CVE-2023-35078, has been exploited by threat actors in recent attacks against the ICT platform used by twelve ministries of the Norwegian government. In response to the threat, CISA has ordered federal agencies to address this flaw by August 15, 2023.
