
Critical vulnerability identified in outdated Ivanti MobileIron core

Uncovering the details and impacts of CVE-2023-35082 vulnerability in Ivanti's MobileIron core

Ivanti, a cybersecurity firm, disclosed a security flaw (CVE-2023-35082) in its older product MobileIron Core. The flaw allows unauthorized remote access to APIs, which could enable unauthorized users to access private information and make server changes. Ivanti is assisting its clients in upgrading their systems or switching to its cloud-based product. A similar vulnerability, combined with another (CVE-2023-35081), was used to infiltrate Norwegian government departments. Experts warn that new combinations of these flaws could lead to further cyber attacks.

Ivanti recently disclosed an urgent security flaw (CVE-2023-35082) in its now-defunct solution known as MobileIron Core, which has since been transformed into Ivanti Endpoint Manager Mobile (EPMM). Ivanti revealed that the vulnerability was incidentally fixed in MobileIron Core 11.3 as a side effect of an unrelated product bug fix, and that the threat had previously gone undetected.

Details of the CVE-2023-35082 vulnerability

CVE-2023-35082 allows unauthorized remote access to APIs, which could let unauthorized users obtain personally identifiable information and make changes to the server. The vulnerability is closely related to CVE-2023-35078 and, according to Rapid7's principal researcher Stephen Fewer, should be regarded as a patch bypass for that vulnerability, specifically in product version 11.2 or earlier.

Ivanti's response and solutions for affected customers

MobileIron Core v11.2 has been unsupported since March 15, 2022, and no patch will be issued for it or for preceding versions. Ivanti has stated that it is actively helping its clients either upgrade to the latest version of Ivanti EPMM or switch to Ivanti Neurons for MDM, its cloud-based product. For further help, Rapid7 has published details of how it discovered and confirmed the vulnerability, along with indicators of compromise for enterprise threat hunters.

Implications and consequences for Ivanti EPMM

CVE-2023-35078, a similar remote API access issue, was combined with CVE-2023-35081, a remote unchecked file write vulnerability, to infiltrate 12 Norwegian government departments. The recently identified CVE-2023-35082, like its predecessor CVE-2023-35078, lets unauthenticated remote users access an exposed management server's API endpoints and carry out various operations. More worryingly, if another flaw is present, an attacker could leverage it alongside CVE-2023-35082. For instance, coupling CVE-2023-35082 with CVE-2023-35081 might enable an attacker to create malicious webshell files that the attacker could later trigger, Fewer stated.


08/03/2023 13:14

Marco Verro
