cvelistv5 - CVE-2023-35078

CVE-2023-35078 (GCVE-0-2023-35078)

Vulnerability from cvelistv5 – Published: 2023-07-25 06:08 – Updated: 2025-10-21 23:05

CISA

Summary

An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.

Severity ?

10 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-287 - Improper Authentication

Assigner

hackerone

References

URL

Tags

	https://forums.ivanti.com/s/article/CVE-2023-3507…
	https://forums.ivanti.com/s/article/KB-Remote-una…
	https://www.cisa.gov/news-events/alerts/2023/07/2…
	https://www.ivanti.com/blog/cve-2023-35078-new-iv…

Impacted products

	Vendor	Product	Version
	Ivanti	Endpoint Manager Mobile	Unaffected: 11.10 , ≤ 11.10 (semver) Unaffected: 11.9 , ≤ 11.9 (semver) Unaffected: 11.8 , ≤ 11.8 (semver)

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2023-07-25

Due date: 2023-08-15

Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Used in ransomware: Known

Notes: https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability?language=en_US; https://nvd.nist.gov/vuln/detail/CVE-2023-35078

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "endpoint_manager_mobile",
            "vendor": "ivanti",
            "versions": [
              {
                "lessThan": "11.10.0.2",
                "status": "affected",
                "version": "11.10.0.1",
                "versionType": "semver"
              },
              {
                "lessThan": "11.9.1.1",
                "status": "affected",
                "version": "11.9.1.0",
                "versionType": "semver"
              },
              {
                "lessThan": "11.8.1.1",
                "status": "affected",
                "version": "11.8.1.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "11.8.1.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "endpoint_manager_mobile",
            "vendor": "ivanti",
            "versions": [
              {
                "lessThan": "11.10.0.2",
                "status": "affected",
                "version": "11.10.0.1",
                "versionType": "semver"
              },
              {
                "lessThan": "11.9.1.1",
                "status": "affected",
                "version": "11.9.1.0",
                "versionType": "semver"
              },
              {
                "lessThan": "11.8.1.1",
                "status": "affected",
                "version": "11.8.1.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "11.8.1.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "endpoint_manager_mobile",
            "vendor": "ivanti",
            "versions": [
              {
                "lessThan": "11.10.0.2",
                "status": "affected",
                "version": "11.10.0.1",
                "versionType": "semver"
              },
              {
                "lessThan": "11.9.1.1",
                "status": "affected",
                "version": "11.9.1.0",
                "versionType": "semver"
              },
              {
                "lessThan": "11.8.1.1",
                "status": "affected",
                "version": "11.8.1.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "11.8.1.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "endpoint_manager_mobile",
            "vendor": "ivanti",
            "versions": [
              {
                "lessThan": "11.10.0.2",
                "status": "affected",
                "version": "11.10.0.1",
                "versionType": "semver"
              },
              {
                "lessThan": "11.9.1.1",
                "status": "affected",
                "version": "11.9.1.0",
                "versionType": "semver"
              },
              {
                "lessThan": "11.8.1.1",
                "status": "affected",
                "version": "11.8.1.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "11.8.1.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-35078",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2023-12-09T05:05:16.354948Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2023-07-25",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-35078"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-287",
                "description": "CWE-287 Improper Authentication",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:05:42.374Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-35078"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2023-07-25T00:00:00+00:00",
            "value": "CVE-2023-35078 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:23:57.598Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Endpoint Manager Mobile",
          "vendor": "Ivanti",
          "versions": [
            {
              "lessThanOrEqual": "11.10",
              "status": "unaffected",
              "version": "11.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "11.9",
              "status": "unaffected",
              "version": "11.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "11.8",
              "status": "unaffected",
              "version": "11.8",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-28T19:30:31.171Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability"
        },
        {
          "url": "https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078"
        },
        {
          "url": "https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078"
        },
        {
          "url": "https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2023-35078",
    "datePublished": "2023-07-25T06:08:38.441Z",
    "dateReserved": "2023-06-13T01:00:11.783Z",
    "dateUpdated": "2025-10-21T23:05:42.374Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2023-35078",
      "cwes": "[\"CWE-287\"]",
      "dateAdded": "2023-07-25",
      "dueDate": "2023-08-15",
      "knownRansomwareCampaignUse": "Known",
      "notes": "https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability?language=en_US;  https://nvd.nist.gov/vuln/detail/CVE-2023-35078",
      "product": "Endpoint Manager Mobile (EPMM)",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Ivanti Endpoint Manager Mobile (EPMM, previously branded MobileIron Core) contains an authentication bypass vulnerability that allows unauthenticated access to specific API paths. An attacker with access to these API paths can access personally identifiable information (PII) such as names, phone numbers, and other mobile device details for users on a vulnerable system. An attacker can also make other configuration changes including installing software and modifying security profiles on registered devices.",
      "vendorProject": "Ivanti",
      "vulnerabilityName": "Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability"
    },
    "fkie_nvd": {
      "cisaActionDue": "2023-08-15",
      "cisaExploitAdd": "2023-07-25",
      "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "cisaVulnerabilityName": "Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.8.1.1\", \"matchCriteriaId\": \"7C48786C-399D-4B0C-8082-64112C4DA5C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.9.0\", \"versionEndExcluding\": \"11.9.1.1\", \"matchCriteriaId\": \"50C1A12C-5862-48B6-ADA3-4222516DA152\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.10\", \"versionEndExcluding\": \"11.10.0.2\", \"matchCriteriaId\": \"76DAE9E0-15F0-40AB-8D03-E64423AD0E07\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de omisi\\u00f3n de autenticaci\\u00f3n en Ivanti EPMM permite a usuarios no autorizados acceder a funciones o recursos restringidos de la aplicaci\\u00f3n sin la autenticaci\\u00f3n adecuada.\"}]",
      "id": "CVE-2023-35078",
      "lastModified": "2024-12-20T17:50:19.417",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV30\": [{\"source\": \"support@hackerone.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 10.0, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 6.0}]}",
      "published": "2023-07-25T07:15:10.897",
      "references": "[{\"url\": \"https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability\", \"source\": \"support@hackerone.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078\", \"source\": \"support@hackerone.com\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078\", \"source\": \"support@hackerone.com\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability\", \"source\": \"support@hackerone.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "support@hackerone.com",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-35078\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2023-07-25T07:15:10.897\",\"lastModified\":\"2025-10-31T21:58:35.650\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en Ivanti EPMM permite a usuarios no autorizados acceder a funciones o recursos restringidos de la aplicaci\u00f3n sin la autenticaci\u00f3n adecuada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV30\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0}]},\"cisaExploitAdd\":\"2023-07-25\",\"cisaActionDue\":\"2023-08-15\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.8.1.1\",\"matchCriteriaId\":\"7C48786C-399D-4B0C-8082-64112C4DA5C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.9.0\",\"versionEndExcluding\":\"11.9.1.1\",\"matchCriteriaId\":\"50C1A12C-5862-48B6-ADA3-4222516DA152\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.10\",\"versionEndExcluding\":\"11.10.0.2\",\"matchCriteriaId\":\"76DAE9E0-15F0-40AB-8D03-E64423AD0E07\"}]}]}],\"references\":[{\"url\":\"https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability\",\"source\":\"support@hackerone.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078\",\"source\":\"support@hackerone.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability\",\"source\":\"support@hackerone.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-35078\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T16:23:57.598Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-35078\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2023-12-09T05:05:16.354948Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2023-07-25\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-35078\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*\"], \"vendor\": \"ivanti\", \"product\": \"endpoint_manager_mobile\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.10.0.1\", \"lessThan\": \"11.10.0.2\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"11.9.1.0\", \"lessThan\": \"11.9.1.1\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"11.8.1.0\", \"lessThan\": \"11.8.1.1\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"11.8.1.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*\"], \"vendor\": \"ivanti\", \"product\": \"endpoint_manager_mobile\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.10.0.1\", \"lessThan\": \"11.10.0.2\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"11.9.1.0\", \"lessThan\": \"11.9.1.1\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"11.8.1.0\", \"lessThan\": \"11.8.1.1\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"11.8.1.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*\"], \"vendor\": \"ivanti\", \"product\": \"endpoint_manager_mobile\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.10.0.1\", \"lessThan\": \"11.10.0.2\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"11.9.1.0\", \"lessThan\": \"11.9.1.1\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"11.8.1.0\", \"lessThan\": \"11.8.1.1\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"11.8.1.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*\"], \"vendor\": \"ivanti\", \"product\": \"endpoint_manager_mobile\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.10.0.1\", \"lessThan\": \"11.10.0.2\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"11.9.1.0\", \"lessThan\": \"11.9.1.1\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"11.8.1.0\", \"lessThan\": \"11.8.1.1\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"11.8.1.0\"}], \"defaultStatus\": \"unknown\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-07-25T00:00:00+00:00\", \"value\": \"CVE-2023-35078 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-35078\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-287\", \"description\": \"CWE-287 Improper Authentication\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-24T20:45:52.608Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 10, \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\"}}], \"affected\": [{\"vendor\": \"Ivanti\", \"product\": \"Endpoint Manager Mobile\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"11.10\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"11.10\"}, {\"status\": \"unaffected\", \"version\": \"11.9\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"11.9\"}, {\"status\": \"unaffected\", \"version\": \"11.8\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"11.8\"}], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability\"}, {\"url\": \"https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078\"}, {\"url\": \"https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078\"}, {\"url\": \"https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.\"}], \"providerMetadata\": {\"orgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"shortName\": \"hackerone\", \"dateUpdated\": \"2023-11-28T19:30:31.171Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-35078\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:05:42.374Z\", \"dateReserved\": \"2023-06-13T01:00:11.783Z\", \"assignerOrgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"datePublished\": \"2023-07-25T06:08:38.441Z\", \"assignerShortName\": \"hackerone\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2023-ALE-009

Vulnerability from certfr_alerte - Published: - Updated:

[Mise à jour du 15 septembre 2023] Correction de la vulnérabilité CVE-2023-35082

Le 21 août 2023, l'éditeur a publié une mise à jour du bulletin complémentaire de sécurité [3] pour annoncer la disponibilité d'un correctif concernant la vulnérabilité CVE-2023-35082. Ce correctif est inclus dans la version 11.11.0.0 d'Ivanti EPMM [5].

[Mise à jour du 11 août 2023] Avis Ivanti concernant la vulnérabilité CVE-2023-35082

Le 07 août 2023, Ivanti a publié un nouvel avis de sécurité [3] indiquant que la vulnérabilité CVE-2023-35082 affecte toutes les versions de Endpoint Manager Mobile, et non pas uniquement les versions antérieures à 11.3 comme indiqué dans l'avis du 02 août 2023 [4].

Cette vulnérabilité permet à un attaquant d'obtenir un accès non authentifié à des chemins d'API spécifiques afin de récupérer des informations personnellement identifiables (PII) d'utilisateurs.

Dans l’attente de la publication de la version 11.11, Ivanti fournit un script RPM corrigeant cette vulnérabilité pour les versions 11.8.1.2, 11.9.1.2 et 11.10.0.3. Si l’équipement est dans une version antérieure, il est conseillé de le mettre à jour vers l’une de ces trois versions, puis d’exécuter le script. Cette procédure est décrite dans l’avis.

L'éditeur annonce que :

La vulnérabilité CVE-2023-35082 est exploitable uniquement sur HTTP mais pas HTTPS ;
Une preuve de concept est disponible publiquement ;
La vulnérabilité CVE-2023-35082 est activement exploitée.

[Mise à jour du 02 août 2023] Compléments d'informations techniques sur l'exploitation des vulnérabilités affectant le produit Ivanti EPMM

Le 01 août 2023, la CISA conjointement avec l'agence de sécurité des systèmes d'information norvégienne (NCSC-NO) ont publié un avis [1] concernant les vulnérabilités CVE-2023-35078 et CVE-2023-35081. Selon elles, la vulnérabilité CVE-2023-35078 est exploitée depuis au moins avril 2023.

L'avis documente certaines des actions prises par les attaquants :

interrogations LDAP sur les serveurs Active Directory pour l'énumération des machines ;
utilisation de requêtes HTTP de type GET /mifs/aad/api/v2/authorized/users pour la collecte de la liste des utilisateurs enregistrés sur les EPMM ;
altération des configurations de ces équipements ;
surveillance et modification des journaux d'activités, notamment avec l'application malveillante mi.war (1cd358d28b626b7a23b9fd4944e29077c265db46) ;
utilisation d'un code malveillant, dont le condensat Sha1 est c0b42bbd06d6e25dfe8faebd735944714b421388 ;
latéralisation sur les serveurs de messagerie.

La NCSC-NO conseille de rechercher toutes les occurrences du motif /mifs/aad/api/v2/ dans les journaux (collectés à distance) afin de déterminer si une intrusion a eu lieu. De plus, toute augmentation des évènements EventCode=1644 dans l'AD (ainsi que des valeurs 4662, 5136 et 1153) en provenance de l'EPMM à partir d'avril 2023 doit être considérée comme suspecte.

La NCSC-NO conseille également d'analyser les flux réseaux de l'EPMM vers d'autres serveurs internes et d'analyser le disque ainsi que la mémoire de l'équipement.

La CISA fournit des indicateurs de compromission ainsi que des modèles de l'outil de scan Nuclei, servant à déterminer si un équipement est vulnérable.

Le CERT-FR rappelle que l'application seule des correctifs n'est pas suffisante. En cas de suspicion de compromission, il est recommandé de continuer les investigations afin de déterminer les actions prises par un éventuel attaquant [1][2]. La mise à jour du système doit donc également s'accompagner d'analyses réseaux et systèmes dans le but de déterminer si une intrusion a eu lieu, les indicateurs de compromission fournis n'étant pas exhaustifs.

En cas de doute, il est préférable de réinstaller l'équipement et procéder au renouvellement de tous les secrets associés à l'application.

[Mise à jour du 31 juillet 2023]

Le 28 juillet 2023, Ivanti a publié un nouvel avis concernant Endpoint Manager Mobile, anciennement MobileIron Core. La vulnérabilité CVE-2023-35081 permet à un attaquant ayant les droits administrateur d'effectuer une écriture arbitraire de fichier sur le serveur, conduisant in fine à une exécution de code arbitraire à distance.

Selon Ivanti, cette vulnérabilité est activement exploitée dans le cadre d'attaques ciblées, en combinaison avec la vulnérabilité CVE-2023-35078 qui permet de contourner l'authentification administrateur.

[Publication initiale]

Le 24 juillet 2023, Ivanti a corrigé une vulnérabilité affectant le produit Endpoint Manager Mobile, anciennement MobileIron Core. Cette vulnérabilité permet à un attaquant d'obtenir un accès non authentifié à des chemins d'API spécifiques afin de récupérer des informations personnellement identifiables (PII) d'utilisateurs. Un attaquant peut également, par le biais de cette vulnérabilité, modifier la configuration du produit EPMM et créer un compte administrateur.

Le CERT-FR a connaissance d'exploitation de cette vulnérabilité. Il est donc fortement recommandé d'appliquer le correctif de sécurité dans les plus brefs délais.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Ivanti Endpoint Manager Mobile (EPMM), anciennement MobileIron Core, toutes versions sans le dernier correctif de sécurité

Ivanti précise que seules les versions supportées, à savoir 11.10, 11.9 et 11.8, recevront un correctif de sécurité.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Ivanti CVE-2023-35078 du 24 juillet 2023	None	vendor-advisory
Bulletin de sécurité Ivanti CVE-2023-35081 du 28 juillet 2023	None	vendor-advisory
[3] Bulletin complémentaire de sécurité Ivanti CVE-2023-35082 du 07 août 2023	-	other
[2] Les bons réflexes en cas d’intrusion sur un système d’information	-	other
Avis de sécurité CERTFR-2023-AVI-0584 du 25 juillet 2023	-	other
[5] Mises à jour Ivanti EPMM	-	other
[1] Publication de la CISA et de la NCSC-NO	-	other
Avis de sécurité CERTFR-2023-AVI-0604 du 31 juillet 2023	-	other
[4] Avis de sécurité CERTFR-2023-AVI-0615 du 03 août 2023	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eIvanti \u003cspan class=\"test-id__field-value slds-form-element__static slds-grow slds-form-element_separator is-read-only iv-cad-fld\" data-aura-rendered-by=\"14:306;a\"\u003e\u003cspan data-aura-rendered-by=\"15:306;a\"\u003eEndpoint Manager Mobile (EPMM), anciennement MobileIron Core, toutes versions sans le dernier correctif de s\u00e9curit\u00e9\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eIvanti pr\u00e9cise que seules les versions support\u00e9es, \u00e0 savoir\u00a0\u003cspan class=\"test-id__field-value slds-form-element__static slds-grow slds-form-element_separator is-read-only iv-cad-fld\" data-aura-rendered-by=\"36:307;a\"\u003e11.10, 11.9 et 11.8, \u003c/span\u003e recevront un correctif de s\u00e9curit\u00e9.\u003c/p\u003e ",
  "closed_at": "2023-09-15",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-35081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35081"
    },
    {
      "name": "CVE-2023-35082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35082"
    },
    {
      "name": "CVE-2023-35078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35078"
    }
  ],
  "links": [
    {
      "title": "[3] Bulletin compl\u00e9mentaire de s\u00e9curit\u00e9 Ivanti CVE-2023-35082 du 07 ao\u00fbt 2023",
      "url": "https://forums.ivanti.com/s/article/KB-Remote-Unauthenticated-API-Access-Vulnerability-CVE-2023-35082?language=en_US"
    },
    {
      "title": "[2] Les bons r\u00e9flexes en cas d\u2019intrusion sur un syst\u00e8me d\u2019information",
      "url": "https://www.cert.ssi.gouv.fr/les-bons-reflexes-en-cas-dintrusion-sur-un-systeme-dinformation/"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 CERTFR-2023-AVI-0584 du 25 juillet 2023",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2023-AVI-0584/"
    },
    {
      "title": "[5] Mises \u00e0 jour Ivanti EPMM",
      "url": "https://help.ivanti.com/mi/help/en_us/core/11.x/rn/CoreConnectorReleaseNotes/Resolved_issues.htm"
    },
    {
      "title": "[1] Publication de la CISA et de la NCSC-NO",
      "url": "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-213a"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 CERTFR-2023-AVI-0604 du 31 juillet 2023",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2023-AVI-0604/"
    },
    {
      "title": "[4] Avis de s\u00e9curit\u00e9 CERTFR-2023-AVI-0615 du 03 ao\u00fbt 2023",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2023-AVI-0615/"
    }
  ],
  "reference": "CERTFR-2023-ALE-009",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-07-26T00:00:00.000000"
    },
    {
      "description": "Mise \u00e0 jour de l\u0027alerte pour inclure les informations concernant la vuln\u00e9rabilit\u00e9 CVE-2023-35081.",
      "revision_date": "2023-07-31T00:00:00.000000"
    },
    {
      "description": "Ajout de la publication de la CISA et de la NCSC-NO.",
      "revision_date": "2023-08-02T00:00:00.000000"
    },
    {
      "description": "Avis Ivanti concernant la vuln\u00e9rabilit\u00e9 CVE-2023-35082.",
      "revision_date": "2023-08-11T00:00:00.000000"
    },
    {
      "description": "Avis Ivanti concernant la disponibilit\u00e9 d\u0027un correctif.",
      "revision_date": "2023-09-15T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2023-09-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "\u003cspan style=\"color: #ff0000;\" darkreader-inline-color=\"\"\u003e\u003cstrong\u003e\\[Mise \u00e0 jour\ndu 15 septembre 2023\\]\u003c/strong\u003e \u003c/span\u003e\u003cstrong\u003eCorrection de la vuln\u00e9rabilit\u00e9\nCVE-2023-35082\u003c/strong\u003e\n\nLe 21 ao\u00fbt 2023, l\u0027\u00e9diteur a publi\u00e9 une mise \u00e0 jour du bulletin\ncompl\u00e9mentaire de s\u00e9curit\u00e9 \\[3\\] pour annoncer la disponibilit\u00e9 d\u0027un\ncorrectif concernant la vuln\u00e9rabilit\u00e9 CVE-2023-35082. Ce correctif est\ninclus dans la version 11.11.0.0 d\u0027Ivanti EPMM \\[5\\].\n\n\u003cspan style=\"color: #ff0000;\" darkreader-inline-color=\"\"\u003e\u003cstrong\u003e\\[Mise \u00e0 jour\ndu 11 ao\u00fbt 2023\\]\u003c/strong\u003e \u003c/span\u003e\u003cstrong\u003eAvis Ivanti concernant la vuln\u00e9rabilit\u00e9\nCVE-2023-35082\u003c/strong\u003e\n\nLe 07 ao\u00fbt 2023, Ivanti a publi\u00e9 un nouvel avis de s\u00e9curit\u00e9 \\[3\\]\nindiquant que la vuln\u00e9rabilit\u00e9 CVE-2023-35082 affecte toutes les\nversions de Endpoint Manager Mobile, et non pas uniquement les versions\nant\u00e9rieures \u00e0 11.3 comme indiqu\u00e9 dans l\u0027avis du 02 ao\u00fbt 2023 \\[4\\].\n\nCette vuln\u00e9rabilit\u00e9 permet \u00e0 un attaquant d\u0027obtenir un acc\u00e8s non\nauthentifi\u00e9 \u00e0 des chemins d\u0027API sp\u00e9cifiques afin de r\u00e9cup\u00e9rer des\ninformations personnellement identifiables (PII) d\u0027utilisateurs.\n\nDans l\u2019attente de la publication de la version 11.11, Ivanti fournit un\nscript RPM corrigeant cette vuln\u00e9rabilit\u00e9 pour les versions 11.8.1.2,\n11.9.1.2 et 11.10.0.3. Si l\u2019\u00e9quipement est dans une version ant\u00e9rieure,\nil est conseill\u00e9 de le mettre \u00e0 jour vers l\u2019une de ces trois versions,\npuis d\u2019ex\u00e9cuter le script. Cette proc\u00e9dure est d\u00e9crite dans l\u2019avis.\n\nL\u0027\u00e9diteur annonce que :\n\n-   La vuln\u00e9rabilit\u00e9 CVE-2023-35082 est exploitable uniquement sur HTTP\n    mais pas HTTPS ;\n-   Une preuve de concept est disponible publiquement ;\n-   La vuln\u00e9rabilit\u00e9 CVE-2023-35082 est activement exploit\u00e9e.\n\n\u003cstrong\u003e\\[Mise \u00e0 jour du 02 ao\u00fbt 2023\\]\u003c/strong\u003e \u003cstrong\u003eCompl\u00e9ments d\u0027informations\ntechniques sur l\u0027exploitation des vuln\u00e9rabilit\u00e9s affectant le produit\nIvanti EPMM  \n\u003c/strong\u003e\n\nLe 01 ao\u00fbt 2023, la CISA conjointement avec l\u0027agence de s\u00e9curit\u00e9 des\nsyst\u00e8mes d\u0027information norv\u00e9gienne (NCSC-NO) ont publi\u00e9 un avis \\[1\\]\nconcernant les vuln\u00e9rabilit\u00e9s CVE-2023-35078 et CVE-2023-35081. Selon\nelles, la vuln\u00e9rabilit\u00e9 CVE-2023-35078 est exploit\u00e9e depuis au moins\navril 2023.\n\nL\u0027avis documente certaines des actions prises par les attaquants :\n\n-   interrogations *LDAP* sur les serveurs *Active Directory* pour\n    l\u0027\u00e9num\u00e9ration des machines ;\n-   utilisation de requ\u00eates *HTTP* de type *GET\n    /mifs/aad/api/v2/authorized/users* pour la collecte de la liste des\n    utilisateurs enregistr\u00e9s sur les EPMM ;\n-   alt\u00e9ration des configurations de ces \u00e9quipements ;\n-   surveillance et modification des journaux d\u0027activit\u00e9s, notamment\n    avec l\u0027application malveillante *mi.war*\n    (*1cd358d28b626b7a23b9fd4944e29077c265db46*) ;\n-   utilisation d\u0027un code malveillant, dont le condensat Sha1 est\n    *c0b42bbd06d6e25dfe8faebd735944714b421388* ;\n-   lat\u00e9ralisation sur les serveurs de messagerie.\n\nLa NCSC-NO conseille de rechercher toutes les occurrences du motif\n*/mifs/aad/api/v2/* dans les journaux (collect\u00e9s \u00e0 distance) afin de\nd\u00e9terminer si une intrusion a eu lieu. De plus, toute augmentation des\n\u00e9v\u00e8nements *EventCode=1644* dans l\u0027AD (ainsi que des valeurs *4662*,\n*5136* et *1153*) en provenance de l\u0027EPMM \u00e0 partir d\u0027avril 2023 doit\n\u00eatre consid\u00e9r\u00e9e comme suspecte.\n\nLa NCSC-NO conseille \u00e9galement d\u0027analyser les flux r\u00e9seaux de l\u0027EPMM\nvers d\u0027autres serveurs internes et d\u0027analyser le disque ainsi que la\nm\u00e9moire de l\u0027\u00e9quipement.\n\nLa CISA fournit des indicateurs de compromission ainsi que des mod\u00e8les\nde l\u0027outil de scan *Nuclei,* servant \u00e0 d\u00e9terminer si un \u00e9quipement est\nvuln\u00e9rable.\n\nLe CERT-FR rappelle que l\u0027application seule des correctifs n\u0027est pas\nsuffisante. En cas de suspicion de compromission, il est recommand\u00e9 de\ncontinuer les investigations afin de d\u00e9terminer les actions prises par\nun \u00e9ventuel attaquant \\[1\\]\\[2\\]. La mise \u00e0 jour du syst\u00e8me doit donc\n\u00e9galement s\u0027accompagner d\u0027analyses r\u00e9seaux et syst\u00e8mes dans le but de\nd\u00e9terminer si une intrusion a eu lieu, les indicateurs de compromission\nfournis n\u0027\u00e9tant pas exhaustifs.\n\nEn cas de doute, il est pr\u00e9f\u00e9rable de r\u00e9installer l\u0027\u00e9quipement et\nproc\u00e9der au renouvellement de tous les secrets associ\u00e9s \u00e0 l\u0027application.\n\n\u003cspan style=\"color: #000000;\" darkreader-inline-color=\"\"\u003e\u003cstrong\u003e\\[Mise \u00e0 jour\ndu 31 juillet 2023\\]\u003c/strong\u003e\u003c/span\u003e\n\nLe 28 juillet 2023, Ivanti a publi\u00e9 un nouvel avis concernant \u003cspan\nclass=\"test-id__field-value slds-form-element__static slds-grow slds-form-element_separator is-read-only iv-cad-fld\"\naura-rendered-by=\"14:305;a\"\u003e\u003cspan aura-rendered-by=\"15:305;a\"\u003eEndpoint\nManager Mobile,\u003c/span\u003e\u003c/span\u003e anciennement MobileIron Core. La\nvuln\u00e9rabilit\u00e9 CVE-2023-35081 permet \u00e0 un attaquant ayant les droits\nadministrateur d\u0027effectuer une \u00e9criture arbitraire de fichier sur le\nserveur, conduisant *in fine* \u00e0 une ex\u00e9cution de code arbitraire \u00e0\ndistance.\n\nSelon Ivanti, cette vuln\u00e9rabilit\u00e9 est activement exploit\u00e9e dans le cadre\nd\u0027attaques cibl\u00e9es, en combinaison avec la vuln\u00e9rabilit\u00e9 CVE-2023-35078\nqui permet de contourner l\u0027authentification administrateur.\n\n\u003cstrong\u003e\\[Publication initiale\\]\u003c/strong\u003e\n\nLe 24 juillet 2023, Ivanti a corrig\u00e9 une vuln\u00e9rabilit\u00e9 affectant le\nproduit \u003cspan\nclass=\"test-id__field-value slds-form-element__static slds-grow slds-form-element_separator is-read-only iv-cad-fld\"\naura-rendered-by=\"14:305;a\"\u003e\u003cspan aura-rendered-by=\"15:305;a\"\u003eEndpoint\nManager Mobile,\u003c/span\u003e\u003c/span\u003e anciennement MobileIron Core. Cette\nvuln\u00e9rabilit\u00e9 permet \u00e0 un attaquant d\u0027obtenir un acc\u00e8s non authentifi\u00e9 \u00e0\ndes chemins d\u0027API sp\u00e9cifiques afin de r\u00e9cup\u00e9rer des informations\npersonnellement identifiables (PII) d\u0027utilisateurs. Un attaquant peut\n\u00e9galement, par le biais de cette vuln\u00e9rabilit\u00e9, modifier la\nconfiguration du produit EPMM et cr\u00e9er un compte administrateur.\n\nLe CERT-FR a connaissance d\u0027exploitation de cette vuln\u00e9rabilit\u00e9. Il est\ndonc fortement recommand\u00e9 d\u0027appliquer le correctif de s\u00e9curit\u00e9 dans les\nplus brefs d\u00e9lais.\n",
  "title": "[M\u00e0J] Multiples vuln\u00e9rabilit\u00e9s dans Ivanti Endpoint Manager Mobile",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ivanti CVE-2023-35078 du 24 juillet 2023",
      "url": "https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ivanti CVE-2023-35081 du 28 juillet 2023",
      "url": "https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write"
    }
  ]
}

CERTFR-2023-ALE-009

Vulnerability from certfr_alerte - Published: - Updated:

[Mise à jour du 15 septembre 2023] Correction de la vulnérabilité CVE-2023-35082

[Mise à jour du 11 août 2023] Avis Ivanti concernant la vulnérabilité CVE-2023-35082

L'éditeur annonce que :

La vulnérabilité CVE-2023-35082 est exploitable uniquement sur HTTP mais pas HTTPS ;
Une preuve de concept est disponible publiquement ;
La vulnérabilité CVE-2023-35082 est activement exploitée.

[Mise à jour du 02 août 2023] Compléments d'informations techniques sur l'exploitation des vulnérabilités affectant le produit Ivanti EPMM

L'avis documente certaines des actions prises par les attaquants :

interrogations LDAP sur les serveurs Active Directory pour l'énumération des machines ;
utilisation de requêtes HTTP de type GET /mifs/aad/api/v2/authorized/users pour la collecte de la liste des utilisateurs enregistrés sur les EPMM ;
altération des configurations de ces équipements ;
surveillance et modification des journaux d'activités, notamment avec l'application malveillante mi.war (1cd358d28b626b7a23b9fd4944e29077c265db46) ;
utilisation d'un code malveillant, dont le condensat Sha1 est c0b42bbd06d6e25dfe8faebd735944714b421388 ;
latéralisation sur les serveurs de messagerie.

La NCSC-NO conseille également d'analyser les flux réseaux de l'EPMM vers d'autres serveurs internes et d'analyser le disque ainsi que la mémoire de l'équipement.

La CISA fournit des indicateurs de compromission ainsi que des modèles de l'outil de scan Nuclei, servant à déterminer si un équipement est vulnérable.

En cas de doute, il est préférable de réinstaller l'équipement et procéder au renouvellement de tous les secrets associés à l'application.

[Mise à jour du 31 juillet 2023]

[Publication initiale]

Le CERT-FR a connaissance d'exploitation de cette vulnérabilité. Il est donc fortement recommandé d'appliquer le correctif de sécurité dans les plus brefs délais.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Ivanti Endpoint Manager Mobile (EPMM), anciennement MobileIron Core, toutes versions sans le dernier correctif de sécurité

Ivanti précise que seules les versions supportées, à savoir 11.10, 11.9 et 11.8, recevront un correctif de sécurité.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Ivanti CVE-2023-35078 du 24 juillet 2023	None	vendor-advisory
Bulletin de sécurité Ivanti CVE-2023-35081 du 28 juillet 2023	None	vendor-advisory
[3] Bulletin complémentaire de sécurité Ivanti CVE-2023-35082 du 07 août 2023	-	other
[2] Les bons réflexes en cas d’intrusion sur un système d’information	-	other
Avis de sécurité CERTFR-2023-AVI-0584 du 25 juillet 2023	-	other
[5] Mises à jour Ivanti EPMM	-	other
[1] Publication de la CISA et de la NCSC-NO	-	other
Avis de sécurité CERTFR-2023-AVI-0604 du 31 juillet 2023	-	other
[4] Avis de sécurité CERTFR-2023-AVI-0615 du 03 août 2023	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eIvanti \u003cspan class=\"test-id__field-value slds-form-element__static slds-grow slds-form-element_separator is-read-only iv-cad-fld\" data-aura-rendered-by=\"14:306;a\"\u003e\u003cspan data-aura-rendered-by=\"15:306;a\"\u003eEndpoint Manager Mobile (EPMM), anciennement MobileIron Core, toutes versions sans le dernier correctif de s\u00e9curit\u00e9\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eIvanti pr\u00e9cise que seules les versions support\u00e9es, \u00e0 savoir\u00a0\u003cspan class=\"test-id__field-value slds-form-element__static slds-grow slds-form-element_separator is-read-only iv-cad-fld\" data-aura-rendered-by=\"36:307;a\"\u003e11.10, 11.9 et 11.8, \u003c/span\u003e recevront un correctif de s\u00e9curit\u00e9.\u003c/p\u003e ",
  "closed_at": "2023-09-15",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-35081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35081"
    },
    {
      "name": "CVE-2023-35082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35082"
    },
    {
      "name": "CVE-2023-35078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35078"
    }
  ],
  "links": [
    {
      "title": "[3] Bulletin compl\u00e9mentaire de s\u00e9curit\u00e9 Ivanti CVE-2023-35082 du 07 ao\u00fbt 2023",
      "url": "https://forums.ivanti.com/s/article/KB-Remote-Unauthenticated-API-Access-Vulnerability-CVE-2023-35082?language=en_US"
    },
    {
      "title": "[2] Les bons r\u00e9flexes en cas d\u2019intrusion sur un syst\u00e8me d\u2019information",
      "url": "https://www.cert.ssi.gouv.fr/les-bons-reflexes-en-cas-dintrusion-sur-un-systeme-dinformation/"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 CERTFR-2023-AVI-0584 du 25 juillet 2023",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2023-AVI-0584/"
    },
    {
      "title": "[5] Mises \u00e0 jour Ivanti EPMM",
      "url": "https://help.ivanti.com/mi/help/en_us/core/11.x/rn/CoreConnectorReleaseNotes/Resolved_issues.htm"
    },
    {
      "title": "[1] Publication de la CISA et de la NCSC-NO",
      "url": "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-213a"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 CERTFR-2023-AVI-0604 du 31 juillet 2023",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2023-AVI-0604/"
    },
    {
      "title": "[4] Avis de s\u00e9curit\u00e9 CERTFR-2023-AVI-0615 du 03 ao\u00fbt 2023",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2023-AVI-0615/"
    }
  ],
  "reference": "CERTFR-2023-ALE-009",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-07-26T00:00:00.000000"
    },
    {
      "description": "Mise \u00e0 jour de l\u0027alerte pour inclure les informations concernant la vuln\u00e9rabilit\u00e9 CVE-2023-35081.",
      "revision_date": "2023-07-31T00:00:00.000000"
    },
    {
      "description": "Ajout de la publication de la CISA et de la NCSC-NO.",
      "revision_date": "2023-08-02T00:00:00.000000"
    },
    {
      "description": "Avis Ivanti concernant la vuln\u00e9rabilit\u00e9 CVE-2023-35082.",
      "revision_date": "2023-08-11T00:00:00.000000"
    },
    {
      "description": "Avis Ivanti concernant la disponibilit\u00e9 d\u0027un correctif.",
      "revision_date": "2023-09-15T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2023-09-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "\u003cspan style=\"color: #ff0000;\" darkreader-inline-color=\"\"\u003e\u003cstrong\u003e\\[Mise \u00e0 jour\ndu 15 septembre 2023\\]\u003c/strong\u003e \u003c/span\u003e\u003cstrong\u003eCorrection de la vuln\u00e9rabilit\u00e9\nCVE-2023-35082\u003c/strong\u003e\n\nLe 21 ao\u00fbt 2023, l\u0027\u00e9diteur a publi\u00e9 une mise \u00e0 jour du bulletin\ncompl\u00e9mentaire de s\u00e9curit\u00e9 \\[3\\] pour annoncer la disponibilit\u00e9 d\u0027un\ncorrectif concernant la vuln\u00e9rabilit\u00e9 CVE-2023-35082. Ce correctif est\ninclus dans la version 11.11.0.0 d\u0027Ivanti EPMM \\[5\\].\n\n\u003cspan style=\"color: #ff0000;\" darkreader-inline-color=\"\"\u003e\u003cstrong\u003e\\[Mise \u00e0 jour\ndu 11 ao\u00fbt 2023\\]\u003c/strong\u003e \u003c/span\u003e\u003cstrong\u003eAvis Ivanti concernant la vuln\u00e9rabilit\u00e9\nCVE-2023-35082\u003c/strong\u003e\n\nLe 07 ao\u00fbt 2023, Ivanti a publi\u00e9 un nouvel avis de s\u00e9curit\u00e9 \\[3\\]\nindiquant que la vuln\u00e9rabilit\u00e9 CVE-2023-35082 affecte toutes les\nversions de Endpoint Manager Mobile, et non pas uniquement les versions\nant\u00e9rieures \u00e0 11.3 comme indiqu\u00e9 dans l\u0027avis du 02 ao\u00fbt 2023 \\[4\\].\n\nCette vuln\u00e9rabilit\u00e9 permet \u00e0 un attaquant d\u0027obtenir un acc\u00e8s non\nauthentifi\u00e9 \u00e0 des chemins d\u0027API sp\u00e9cifiques afin de r\u00e9cup\u00e9rer des\ninformations personnellement identifiables (PII) d\u0027utilisateurs.\n\nDans l\u2019attente de la publication de la version 11.11, Ivanti fournit un\nscript RPM corrigeant cette vuln\u00e9rabilit\u00e9 pour les versions 11.8.1.2,\n11.9.1.2 et 11.10.0.3. Si l\u2019\u00e9quipement est dans une version ant\u00e9rieure,\nil est conseill\u00e9 de le mettre \u00e0 jour vers l\u2019une de ces trois versions,\npuis d\u2019ex\u00e9cuter le script. Cette proc\u00e9dure est d\u00e9crite dans l\u2019avis.\n\nL\u0027\u00e9diteur annonce que :\n\n-   La vuln\u00e9rabilit\u00e9 CVE-2023-35082 est exploitable uniquement sur HTTP\n    mais pas HTTPS ;\n-   Une preuve de concept est disponible publiquement ;\n-   La vuln\u00e9rabilit\u00e9 CVE-2023-35082 est activement exploit\u00e9e.\n\n\u003cstrong\u003e\\[Mise \u00e0 jour du 02 ao\u00fbt 2023\\]\u003c/strong\u003e \u003cstrong\u003eCompl\u00e9ments d\u0027informations\ntechniques sur l\u0027exploitation des vuln\u00e9rabilit\u00e9s affectant le produit\nIvanti EPMM  \n\u003c/strong\u003e\n\nLe 01 ao\u00fbt 2023, la CISA conjointement avec l\u0027agence de s\u00e9curit\u00e9 des\nsyst\u00e8mes d\u0027information norv\u00e9gienne (NCSC-NO) ont publi\u00e9 un avis \\[1\\]\nconcernant les vuln\u00e9rabilit\u00e9s CVE-2023-35078 et CVE-2023-35081. Selon\nelles, la vuln\u00e9rabilit\u00e9 CVE-2023-35078 est exploit\u00e9e depuis au moins\navril 2023.\n\nL\u0027avis documente certaines des actions prises par les attaquants :\n\n-   interrogations *LDAP* sur les serveurs *Active Directory* pour\n    l\u0027\u00e9num\u00e9ration des machines ;\n-   utilisation de requ\u00eates *HTTP* de type *GET\n    /mifs/aad/api/v2/authorized/users* pour la collecte de la liste des\n    utilisateurs enregistr\u00e9s sur les EPMM ;\n-   alt\u00e9ration des configurations de ces \u00e9quipements ;\n-   surveillance et modification des journaux d\u0027activit\u00e9s, notamment\n    avec l\u0027application malveillante *mi.war*\n    (*1cd358d28b626b7a23b9fd4944e29077c265db46*) ;\n-   utilisation d\u0027un code malveillant, dont le condensat Sha1 est\n    *c0b42bbd06d6e25dfe8faebd735944714b421388* ;\n-   lat\u00e9ralisation sur les serveurs de messagerie.\n\nLa NCSC-NO conseille de rechercher toutes les occurrences du motif\n*/mifs/aad/api/v2/* dans les journaux (collect\u00e9s \u00e0 distance) afin de\nd\u00e9terminer si une intrusion a eu lieu. De plus, toute augmentation des\n\u00e9v\u00e8nements *EventCode=1644* dans l\u0027AD (ainsi que des valeurs *4662*,\n*5136* et *1153*) en provenance de l\u0027EPMM \u00e0 partir d\u0027avril 2023 doit\n\u00eatre consid\u00e9r\u00e9e comme suspecte.\n\nLa NCSC-NO conseille \u00e9galement d\u0027analyser les flux r\u00e9seaux de l\u0027EPMM\nvers d\u0027autres serveurs internes et d\u0027analyser le disque ainsi que la\nm\u00e9moire de l\u0027\u00e9quipement.\n\nLa CISA fournit des indicateurs de compromission ainsi que des mod\u00e8les\nde l\u0027outil de scan *Nuclei,* servant \u00e0 d\u00e9terminer si un \u00e9quipement est\nvuln\u00e9rable.\n\nLe CERT-FR rappelle que l\u0027application seule des correctifs n\u0027est pas\nsuffisante. En cas de suspicion de compromission, il est recommand\u00e9 de\ncontinuer les investigations afin de d\u00e9terminer les actions prises par\nun \u00e9ventuel attaquant \\[1\\]\\[2\\]. La mise \u00e0 jour du syst\u00e8me doit donc\n\u00e9galement s\u0027accompagner d\u0027analyses r\u00e9seaux et syst\u00e8mes dans le but de\nd\u00e9terminer si une intrusion a eu lieu, les indicateurs de compromission\nfournis n\u0027\u00e9tant pas exhaustifs.\n\nEn cas de doute, il est pr\u00e9f\u00e9rable de r\u00e9installer l\u0027\u00e9quipement et\nproc\u00e9der au renouvellement de tous les secrets associ\u00e9s \u00e0 l\u0027application.\n\n\u003cspan style=\"color: #000000;\" darkreader-inline-color=\"\"\u003e\u003cstrong\u003e\\[Mise \u00e0 jour\ndu 31 juillet 2023\\]\u003c/strong\u003e\u003c/span\u003e\n\nLe 28 juillet 2023, Ivanti a publi\u00e9 un nouvel avis concernant \u003cspan\nclass=\"test-id__field-value slds-form-element__static slds-grow slds-form-element_separator is-read-only iv-cad-fld\"\naura-rendered-by=\"14:305;a\"\u003e\u003cspan aura-rendered-by=\"15:305;a\"\u003eEndpoint\nManager Mobile,\u003c/span\u003e\u003c/span\u003e anciennement MobileIron Core. La\nvuln\u00e9rabilit\u00e9 CVE-2023-35081 permet \u00e0 un attaquant ayant les droits\nadministrateur d\u0027effectuer une \u00e9criture arbitraire de fichier sur le\nserveur, conduisant *in fine* \u00e0 une ex\u00e9cution de code arbitraire \u00e0\ndistance.\n\nSelon Ivanti, cette vuln\u00e9rabilit\u00e9 est activement exploit\u00e9e dans le cadre\nd\u0027attaques cibl\u00e9es, en combinaison avec la vuln\u00e9rabilit\u00e9 CVE-2023-35078\nqui permet de contourner l\u0027authentification administrateur.\n\n\u003cstrong\u003e\\[Publication initiale\\]\u003c/strong\u003e\n\nLe 24 juillet 2023, Ivanti a corrig\u00e9 une vuln\u00e9rabilit\u00e9 affectant le\nproduit \u003cspan\nclass=\"test-id__field-value slds-form-element__static slds-grow slds-form-element_separator is-read-only iv-cad-fld\"\naura-rendered-by=\"14:305;a\"\u003e\u003cspan aura-rendered-by=\"15:305;a\"\u003eEndpoint\nManager Mobile,\u003c/span\u003e\u003c/span\u003e anciennement MobileIron Core. Cette\nvuln\u00e9rabilit\u00e9 permet \u00e0 un attaquant d\u0027obtenir un acc\u00e8s non authentifi\u00e9 \u00e0\ndes chemins d\u0027API sp\u00e9cifiques afin de r\u00e9cup\u00e9rer des informations\npersonnellement identifiables (PII) d\u0027utilisateurs. Un attaquant peut\n\u00e9galement, par le biais de cette vuln\u00e9rabilit\u00e9, modifier la\nconfiguration du produit EPMM et cr\u00e9er un compte administrateur.\n\nLe CERT-FR a connaissance d\u0027exploitation de cette vuln\u00e9rabilit\u00e9. Il est\ndonc fortement recommand\u00e9 d\u0027appliquer le correctif de s\u00e9curit\u00e9 dans les\nplus brefs d\u00e9lais.\n",
  "title": "[M\u00e0J] Multiples vuln\u00e9rabilit\u00e9s dans Ivanti Endpoint Manager Mobile",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ivanti CVE-2023-35078 du 24 juillet 2023",
      "url": "https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ivanti CVE-2023-35081 du 28 juillet 2023",
      "url": "https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write"
    }
  ]
}

GHSA-7R8J-4MV7-77VP

Vulnerability from github – Published: 2023-07-25 09:30 – Updated: 2025-10-22 00:32

Details

Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.

Severity ?

10.0 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-35078"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-25T07:15:10Z",
    "severity": "CRITICAL"
  },
  "details": "Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.",
  "id": "GHSA-7r8j-4mv7-77vp",
  "modified": "2025-10-22T00:32:45Z",
  "published": "2023-07-25T09:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35078"
    },
    {
      "type": "WEB",
      "url": "https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability"
    },
    {
      "type": "WEB",
      "url": "https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-35078"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078"
    },
    {
      "type": "WEB",
      "url": "https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2023-AVI-0604

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Ivanti Endpoint Manager Mobile et Endpoint Manager. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à l'intégrité des données.

Ivanti indique que la vulnérabilité CVE-2023-35081 est activement exploitée dans le cadre d'attaques ciblées, tout comme la vulnérabilité CVE-2023-35078.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Ivanti Endpoint Manager Mobile (EPMM), anciennement MobileIron Core, versions 11.10, 11.9 et 11.8 sans le dernier correctif de sécurité

Les anciennes versions sont également affectées, mais n'étant plus supportées, ne recevront pas de correctif de sécurité.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Ivanti CVE-2023-35081 du 28 juillet 2023

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003e\u003cspan class=\"test-id__field-value slds-form-element__static slds-grow slds-form-element_separator is-read-only iv-cad-fld\" data-aura-rendered-by=\"36:307;a\"\u003eIvanti Endpoint Manager Mobile (EPMM), \u003cspan data-aura-rendered-by=\"15:306;a\"\u003eanciennement\u003c/span\u003e MobileIron Core, versions 11.10, 11.9 et 11.8 sans le dernier correctif de s\u00e9curit\u00e9\u003cbr /\u003e \u003c/span\u003e\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eLes anciennes versions sont \u00e9galement affect\u00e9es, mais n\u0027\u00e9tant plus support\u00e9es, ne recevront pas de correctif de s\u00e9curit\u00e9.\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-35078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35078"
    },
    {
      "name": "CVE-2023-35081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35081"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0604",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-07-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Ivanti Endpoint Manager Mobile\net Endpoint Manager. Elle permet \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es.\n\nIvanti indique que la vuln\u00e9rabilit\u00e9 \u003cspan\nclass=\"test-id__field-value slds-form-element__static slds-grow is-read-only iv-cad-fld iv-cad-fldtitle\"\naura-rendered-by=\"96:266;a\"\u003e\u003cspan class=\"uiOutputText\"\naura-rendered-by=\"99:266;a\" aura-class=\"uiOutputText\"\u003eCVE-2023-35081 est\nactivement exploit\u00e9e dans le cadre d\u0027attaques cibl\u00e9es, tout comme la\nvuln\u00e9rabilit\u00e9 \u003cspan\nclass=\"test-id__field-value slds-form-element__static slds-grow slds-form-element_separator is-read-only iv-cad-fld\"\naura-rendered-by=\"36:307;a\"\u003eCVE-2023-35078\u003c/span\u003e.\u003c/span\u003e\u003c/span\u003e\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Ivanti Endpoint Manager Mobile",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ivanti CVE-2023-35081 du 28 juillet 2023",
      "url": "https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US"
    }
  ]
}

CERTFR-2023-AVI-0584

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Ivanti Endpoint Manager Mobile. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

L'éditeur a connaissance de l'exploitation de cette vulnérabilité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Ivanti	N/A	Ivanti Endpoint Manager Mobile (EPMM) anciennement MobileIron Core toutes versions sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Ivanti CVE-2023-35078 du 24 juillet 2023

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ivanti Endpoint Manager Mobile (EPMM) anciennement MobileIron Core toutes versions sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Ivanti",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-35078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35078"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0584",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-07-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Ivanti Endpoint Manager Mobile.\nElle permet \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n\nL\u0027\u00e9diteur a connaissance de l\u0027exploitation de cette vuln\u00e9rabilit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Ivanti Endpoint Manager Mobile",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ivanti CVE-2023-35078 du 24 juillet 2023",
      "url": "https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability"
    }
  ]
}

CERTFR-2023-AVI-0604

Vulnerability from certfr_avis - Published: - Updated:

Ivanti indique que la vulnérabilité CVE-2023-35081 est activement exploitée dans le cadre d'attaques ciblées, tout comme la vulnérabilité CVE-2023-35078.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Ivanti Endpoint Manager Mobile (EPMM), anciennement MobileIron Core, versions 11.10, 11.9 et 11.8 sans le dernier correctif de sécurité

Les anciennes versions sont également affectées, mais n'étant plus supportées, ne recevront pas de correctif de sécurité.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Ivanti CVE-2023-35081 du 28 juillet 2023

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003e\u003cspan class=\"test-id__field-value slds-form-element__static slds-grow slds-form-element_separator is-read-only iv-cad-fld\" data-aura-rendered-by=\"36:307;a\"\u003eIvanti Endpoint Manager Mobile (EPMM), \u003cspan data-aura-rendered-by=\"15:306;a\"\u003eanciennement\u003c/span\u003e MobileIron Core, versions 11.10, 11.9 et 11.8 sans le dernier correctif de s\u00e9curit\u00e9\u003cbr /\u003e \u003c/span\u003e\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eLes anciennes versions sont \u00e9galement affect\u00e9es, mais n\u0027\u00e9tant plus support\u00e9es, ne recevront pas de correctif de s\u00e9curit\u00e9.\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-35078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35078"
    },
    {
      "name": "CVE-2023-35081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35081"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0604",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-07-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Ivanti Endpoint Manager Mobile\net Endpoint Manager. Elle permet \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es.\n\nIvanti indique que la vuln\u00e9rabilit\u00e9 \u003cspan\nclass=\"test-id__field-value slds-form-element__static slds-grow is-read-only iv-cad-fld iv-cad-fldtitle\"\naura-rendered-by=\"96:266;a\"\u003e\u003cspan class=\"uiOutputText\"\naura-rendered-by=\"99:266;a\" aura-class=\"uiOutputText\"\u003eCVE-2023-35081 est\nactivement exploit\u00e9e dans le cadre d\u0027attaques cibl\u00e9es, tout comme la\nvuln\u00e9rabilit\u00e9 \u003cspan\nclass=\"test-id__field-value slds-form-element__static slds-grow slds-form-element_separator is-read-only iv-cad-fld\"\naura-rendered-by=\"36:307;a\"\u003eCVE-2023-35078\u003c/span\u003e.\u003c/span\u003e\u003c/span\u003e\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Ivanti Endpoint Manager Mobile",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ivanti CVE-2023-35081 du 28 juillet 2023",
      "url": "https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US"
    }
  ]
}

CERTFR-2023-AVI-0584

Vulnerability from certfr_avis - Published: - Updated:

L'éditeur a connaissance de l'exploitation de cette vulnérabilité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Ivanti	N/A	Ivanti Endpoint Manager Mobile (EPMM) anciennement MobileIron Core toutes versions sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Ivanti CVE-2023-35078 du 24 juillet 2023

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ivanti Endpoint Manager Mobile (EPMM) anciennement MobileIron Core toutes versions sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Ivanti",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-35078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35078"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0584",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-07-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Ivanti Endpoint Manager Mobile.\nElle permet \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n\nL\u0027\u00e9diteur a connaissance de l\u0027exploitation de cette vuln\u00e9rabilit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Ivanti Endpoint Manager Mobile",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ivanti CVE-2023-35078 du 24 juillet 2023",
      "url": "https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability"
    }
  ]
}

GSD-2023-35078

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.

Aliases

CVE-2023-35078

Aliases

CVE-2023-35078

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-35078",
    "id": "GSD-2023-35078"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-35078"
      ],
      "details": "An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.",
      "id": "GSD-2023-35078",
      "modified": "2023-12-13T01:20:45.870331Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "support@hackerone.com",
        "ID": "CVE-2023-35078",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Endpoint Manager Mobile",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThanOrEqual": "11.10",
                                "status": "unaffected",
                                "version": "11.10",
                                "versionType": "semver"
                              },
                              {
                                "lessThanOrEqual": "11.9",
                                "status": "unaffected",
                                "version": "11.9",
                                "versionType": "semver"
                              },
                              {
                                "lessThanOrEqual": "11.8",
                                "status": "unaffected",
                                "version": "11.8",
                                "versionType": "semver"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Ivanti"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability",
            "refsource": "MISC",
            "url": "https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability"
          },
          {
            "name": "https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078",
            "refsource": "MISC",
            "url": "https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078"
          },
          {
            "name": "https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078",
            "refsource": "MISC",
            "url": "https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078"
          },
          {
            "name": "https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability",
            "refsource": "MISC",
            "url": "https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.10",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2023-35078"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078"
            },
            {
              "name": "https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability"
            },
            {
              "name": "https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability"
            },
            {
              "name": "https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-11-28T20:15Z",
      "publishedDate": "2023-07-25T07:15Z"
    }
  }
}

FKIE_CVE-2023-35078

Vulnerability from fkie_nvd - Published: 2023-07-25 07:15 - Updated: 2025-10-31 21:58

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.

References

URL	Tags
support@hackerone.com	https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability	Vendor Advisory
support@hackerone.com	https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078	Exploit, Vendor Advisory
support@hackerone.com	https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078	Third Party Advisory, US Government Resource
support@hackerone.com	https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability	Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-35078	US Government Resource

Impacted products

Vendor	Product	Version
ivanti	endpoint_manager_mobile	*
ivanti	endpoint_manager_mobile	*
ivanti	endpoint_manager_mobile	*

JSON

To clipboard

{
  "cisaActionDue": "2023-08-15",
  "cisaExploitAdd": "2023-07-25",
  "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C48786C-399D-4B0C-8082-64112C4DA5C4",
              "versionEndExcluding": "11.8.1.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "50C1A12C-5862-48B6-ADA3-4222516DA152",
              "versionEndExcluding": "11.9.1.1",
              "versionStartIncluding": "11.9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76DAE9E0-15F0-40AB-8D03-E64423AD0E07",
              "versionEndExcluding": "11.10.0.2",
              "versionStartIncluding": "11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en Ivanti EPMM permite a usuarios no autorizados acceder a funciones o recursos restringidos de la aplicaci\u00f3n sin la autenticaci\u00f3n adecuada."
    }
  ],
  "id": "CVE-2023-35078",
  "lastModified": "2025-10-31T21:58:35.650",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "support@hackerone.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-07-25T07:15:10.897",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-35078"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

WID-SEC-W-2023-1879

Vulnerability from csaf_certbund - Published: 2023-07-24 22:00 - Updated: 2023-07-25 22:00

Summary

Ivanti Endpoint Manager Mobile: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Ivanti Endpoint Manager ist eine Endpoint Management Software zur zentralen Verwaltung von Benutzerprofilen und -Geräten.

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Ivanti Endpoint Manager Mobile ausnutzen, um Sicherheitsvorkehrungen zu umgehen.

Betroffene Betriebssysteme

- Linux - MacOS X - Windows - Android - iPhoneOS - Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "kritisch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Ivanti Endpoint Manager ist eine Endpoint Management Software zur zentralen Verwaltung von Benutzerprofilen und -Ger\u00e4ten.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Ivanti Endpoint Manager Mobile ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- Windows\n- Android\n- iPhoneOS\n- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1879 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1879.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1879 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1879"
      },
      {
        "category": "external",
        "summary": "Ivanti Security Advisory vom 2023-07-24",
        "url": "https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability"
      }
    ],
    "source_lang": "en-US",
    "title": "Ivanti Endpoint Manager Mobile: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
    "tracking": {
      "current_release_date": "2023-07-25T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:56:11.436+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-1879",
      "initial_release_date": "2023-07-24T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-07-24T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-07-25T22:00:00.000+00:00",
          "number": "2",
          "summary": "Produkt angepast"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Ivanti Endpoint Manager Mobile \u003c 11.10.0.2",
                "product": {
                  "name": "Ivanti Endpoint Manager Mobile \u003c 11.10.0.2",
                  "product_id": "T028906",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ivanti:endpoint_manager:mobile__11.10.0.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Ivanti Endpoint Manager Mobile \u003c 11.8.1.1",
                "product": {
                  "name": "Ivanti Endpoint Manager Mobile \u003c 11.8.1.1",
                  "product_id": "T028907",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ivanti:endpoint_manager:mobile__11.8.1.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Ivanti Endpoint Manager Mobile \u003c 11.9.1.1",
                "product": {
                  "name": "Ivanti Endpoint Manager Mobile \u003c 11.9.1.1",
                  "product_id": "T028908",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ivanti:endpoint_manager:mobile__11.9.1.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Endpoint Manager"
          }
        ],
        "category": "vendor",
        "name": "Ivanti"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-35078",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Ivanti Endpoint Manager Mobile. Dieser Fehler ist auf einen nicht spezifizierten Fehler im Authentifizierungsprozess zur\u00fcckzuf\u00fchren. Ein entfernter Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "release_date": "2023-07-24T22:00:00.000+00:00",
      "title": "CVE-2023-35078"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-35078 (GCVE-0-2023-35078)

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Solution

Solution

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature