
Critical vulnerability identified in outdated Ivanti MobileIron core

Uncovering the details and impacts of CVE-2023-35082 vulnerability in Ivanti's MobileIron core

Ivanti, a cybersecurity firm, disclosed a security flaw (CVE-2023-35082) in its older service MobileIron Core. The flaw allows unauthorized remote access to APIs, which could enable unauthorized users to access private information and make server changes. Ivanti is assisting its clients in upgrading their systems or switching to its cloud-based product. A similar vulnerability, combined with another (CVE-2023-35081), was used to infiltrate Norwegian government departments. Experts warn that new combinations of these flaws could lead to further cyber attacks.


Ivanti recently disclosed an urgent security flaw (CVE-2023-35082) in its now-defunct solution MobileIron Core, which has since become Ivanti Endpoint Manager Mobile (EPMM). The vulnerability was incidentally fixed in MobileIron Core 11.3 as a side effect of an unrelated product bug fix, but it had previously gone undetected, Ivanti revealed.

Details of the CVE-2023-35082 vulnerability

CVE-2023-35082 allows unauthorized remote access to APIs, which could let unauthorized users obtain personally identifiable information and make changes on the server. The vulnerability is in the same class as CVE-2023-35078 and, according to Rapid7's principal researcher Stephen Fewer, should be regarded as a patch bypass for that vulnerability, particularly for product version 11.2 or earlier.

Ivanti's response and solutions for affected customers

MobileIron Core v11.2 has been unsupported since March 15, 2022, and no patch will be issued for it or for preceding versions. Ivanti has stated that it is actively helping its clients either upgrade to the latest version of Ivanti EPMM or switch to Ivanti Neurons for MDM, its cloud-based product. For further help, Rapid7 has published details of how it discovered and confirmed the vulnerability, along with indicators of compromise for enterprise threat hunters.

Implications and consequences for Ivanti EPMM

CVE-2023-35078, a similar remote API access issue, was combined with CVE-2023-35081, a remote unchecked file write vulnerability, to infiltrate 12 Norwegian government departments. The recently identified CVE-2023-35082, like its predecessor CVE-2023-35078, lets unauthenticated remote users reach an exposed management server's API endpoints and carry out various operations. More worryingly, if another flaw is present, an attacker could chain it with CVE-2023-35082. For instance, coupling CVE-2023-35082 with CVE-2023-35081 might enable an attacker to create malicious webshell files and later activate them, Fewer stated.


08/03/2023 13:14

Editorial AI
