CVE-2023-35078: 
Ivanti Endpoint Manager Mobile vulnerability analysis and mitigation

CVE-2023-35078 is a critical authentication bypass vulnerability discovered in Ivanti Endpoint Manager Mobile (EPMM), previously known as MobileIron Core. The vulnerability affects all supported versions prior to the patches released on July 24, 2023, including versions 11.10, 11.9, and 11.8. This vulnerability has received a CVSS v3.1 base score of 9.8 (Critical) and has been confirmed to be actively exploited in the wild (Rapid7, CISA).

The vulnerability allows unauthenticated access to specific API paths in the EPMM system. When exploited, unauthorized users can access restricted functionality or resources of the application without proper authentication. The vulnerability is particularly concerning as it affects internet-facing systems, with the Shadowserver project identifying 2,729 vulnerable IP addresses as of July 24, 2023. Indicators of compromise can be found in Apache HTTP logs, specifically entries showing requests to targeted API endpoints containing '/mifs/aad/api/v2/' in the path with a HTTP response code of 200 (Rapid7).

The exploitation of this vulnerability enables attackers to access personally identifiable information (PII) such as names, phone numbers, and mobile device details of users on vulnerable systems. Additionally, attackers can make configuration changes, including installing software and modifying security profiles on registered devices (CISA).

Ivanti has released patches to remediate the vulnerability: version 11.10.0.2 for 11.10 users, version 11.9.1.1 for 11.9 users, and version 11.8.1.1 for 11.8 users. For unsupported versions, Ivanti has provided a workaround as part of their response. Organizations running affected versions are strongly advised to apply the vendor patches immediately (Ivanti).

The vulnerability has garnered significant attention from national security organizations. The Norwegian National Security Authority (NSM) released a statement about the zero-day attack, and CISA issued an advisory urging immediate action. Ivanti has acknowledged working with partners at CISA, ACSC, and NCSC-NO for coordinated disclosure (Ivanti).