
Exploitation of Remote Unauthenticated API Access Vulnerability in Ivanti Endpoint Manager Mobile


Summary

Critical severity vulnerability could allow an attacker to access restricted functionality or resources


Affected platforms

The following platforms are known to be affected:

Threat details

End of support for MobileIron Core 11.2

MobileIron Core 11.2 has been out of support since March 15, 2022. Therefore, Ivanti will not be issuing an RPM script or any other remediations to address this vulnerability in 11.2 or earlier versions.


Introduction

In August 2023, Ivanti released a security advisory disclosing a critical severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core. CVE-2023-35082 is a remote, unauthenticated API access vulnerability with a CVSSv3 score of 10.

If exploited, this vulnerability could enable a remote, unauthenticated attacker to access users’ personally identifiable information or make limited changes to the server.

Exploitation of CVE-2023-35082

In January 2024, CVE-2023-35082 was added to the US Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerability Catalog based on evidence of active exploitation in the wild.


Remediation advice

Affected organisations are advised to review Ivanti's CVE-2023-35082 – Remote Unauthenticated API Access Vulnerability advisory and apply any necessary updates as soon as possible.



Last edited: 19 January 2024 3:11 pm