Advisory No: TZCERT/SA/2023/08/11
Date of First Release: 11th August 2023
Source: Ivanti
Overview:
Ivanti has released security patches to address a critical vulnerability affecting multiple versions of Ivanti End Point Manager Mobile (EPMM). This vulnerability could allow an attacker to obtain sensitive information and take control of an affected system.
Description:
Ivanti End Point Manager Mobile (EPMM) formerly known as MobileIron Core affected by a remote unauthenticated API Access vulnerability. The vulnerability allows an authenticated attacker to access restricted functionality or resources of the application without proper authentication.
Impact:
Successful exploitation of this vulnerability allows an attacker to take control of an affected system.
Solution:
Ivanti has released security patches for this vulnerability. Users and Administrators are encouraged to apply necessary updates.
Reference:
- https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability?language=en_US
- https://www.rapid7.com/blog/post/2023/08/02/cve-2023-35082-mobileiron-core-unauthenticated-api-access-vulnerability/