A zero-day authentication bypass vulnerability is posing a threat to mobile device management worldwide. A proof-of-concept exploit for the bug has been released, escalating concerns in the cybersecurity field. The flaw, identified as CVE-2023-35078, affects Ivanti’s Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core.
This vulnerability allows unauthorized remote API access, undermining the software's authentication process. Ivanti has responded by releasing security patches for the vulnerability. The company advises upgrading to EPMM versions 126.96.36.199, 188.8.131.52, and 184.108.40.206. These patches also cover unsupported and end-of-life software versions below 220.127.116.11, demonstrating Ivanti's dedication to securing even its out-of-date products.
According to Ivanti's security advisory, only a 'very limited number of customers' have been affected. The company is currently collaborating with partners and customers to further investigate the situation.
Meanwhile, security researcher Vaishno Chaitanya has developed a proof-of-concept (PoC) exploit for CVE-2023-35078. He has also provided a video demonstration of the exploit targeting a vulnerable EPMM instance. This serves as a stark warning of the risks associated with neglecting cybersecurity.
Chaitanya made the PoC exploit for the CVE-2023-35078 vulnerability available on his Github repository. PwnDefend Cyber Security Consultant Daniel Card has warned that a large number of MobileIron user portals are still exposed online. His research on Shodan reveals that over 2,900 such portals are vulnerable, with at least 36 belonging to U.S. local and state government agencies. Most of the exposed servers are located in the United States, followed by Germany, the United Kingdom, and Hong Kong.
The immediate remedy for this cybersecurity issue is to promptly apply the patches provided by Ivanti for EPMM (MobileIron). Network administrators are strongly encouraged to do so. As our world becomes more interconnected, ensuring the security of our digital spaces is increasingly vital.