
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
CVE-2023-35082 is an authentication bypass vulnerability affecting Ivanti Endpoint Manager Mobile (EPMM) 11.10 and older versions, including MobileIron Core. The vulnerability was discovered by Stephen Fewer from Rapid7 while investigating CVE-2023-35078, and was initially disclosed on August 2, 2023. This vulnerability allows unauthorized users to access restricted functionality or resources of the application without proper authentication (Rapid7 Blog, Ivanti Blog).
The vulnerability arises from overly permissive entries in the mifs web application's security filter chain, which let requests reach protected endpoints without passing authentication. While the original vulnerability (CVE-2023-35078) was exploited through the /aad/ segment in the URL path, CVE-2023-35082 can be exploited using the /asfV3/ path segment. The vulnerability has received a CVSS v3.1 base score of 9.8 (Critical) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (Rapid7 Blog).
If exploited, this vulnerability enables an unauthorized, remote actor to access API endpoints and perform various operations, including accessing users' personally identifiable information (PII) and making limited changes to the server. Additionally, it can be chained with other vulnerabilities like CVE-2023-35081 to allow attackers to write malicious webshell files to the appliance (Rapid7 Blog, Ivanti Blog).
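The two paragraphs above describe the issue as an authentication-bypass path segment (/aad/ for CVE-2023-35078, /asfV3/ for CVE-2023-35082) reaching API endpoints that should have been protected. A practical defender step is to review the appliance's web access logs for requests carrying either segment that were actually served. The following detection script is an added example, not code from Wiz, Rapid7 or Ivanti: it parses common-log-format lines, flags requests whose path contains one of the two segments, and counts, per source address, how many of those were answered with a non-error status. The log lines are constructed for illustration, and the specific URL paths under /mifs/ are assumed placeholders rather than endpoints taken from the advisory.

```python
import re
from dataclasses import dataclass
from urllib.parse import unquote

# Constructed sample access-log lines (common log format); not real traffic.
# The paths under /mifs/ are placeholders chosen for this example.
SAMPLE_LOG = """\
203.0.113.7 - - [02/Aug/2023:10:01:12 +0000] "GET /mifs/aad/api/example HTTP/1.1" 200 512
203.0.113.7 - - [02/Aug/2023:10:01:13 +0000] "GET /mifs/asfV3/api/example?verbose=1 HTTP/1.1" 200 2048
198.51.100.4 - - [02/Aug/2023:10:02:00 +0000] "GET /mifs/login.jsp HTTP/1.1" 200 1024
198.51.100.4 - - [02/Aug/2023:10:02:05 +0000] "POST /mifs/asfV3/api/example HTTP/1.1" 403 0
"""

# Common log format: ip ident user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

# The two path segments named in the advisories, matched as whole segments
# so that e.g. "/aadmin/" is not a false positive.
BYPASS_SEGMENT_RE = re.compile(r'/(?:aad|asfV3)(?:/|$)')


@dataclass
class Finding:
    ip: str
    method: str
    path: str
    status: int


def parse_line(line: str):
    """Return the parsed fields of one access-log line, or None if malformed."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def normalize_path(raw_path: str) -> str:
    """Drop the query string and percent-decode so segment matching is stable."""
    path = raw_path.split("?", 1)[0]
    return unquote(path)


def find_suspicious(log_text: str) -> list[Finding]:
    """Flag every request whose path contains /aad/ or /asfV3/, whatever the status."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that are not in common log format
        path = normalize_path(rec["path"])
        if not BYPASS_SEGMENT_RE.search(path):
            continue
        findings.append(Finding(rec["ip"], rec["method"], path, int(rec["status"])))
    return findings


def served_by_source(findings: list[Finding]) -> dict[str, int]:
    """Count, per source IP, flagged requests that were actually served (status < 400).

    A 4xx/5xx answer means the filter chain or the endpoint rejected the request;
    a 2xx/3xx answer on one of these paths is what deserves a closer look.
    """
    counts: dict[str, int] = {}
    for f in findings:
        if f.status < 400:
            counts[f.ip] = counts.get(f.ip, 0) + 1
    return counts


if __name__ == "__main__":
    hits = find_suspicious(SAMPLE_LOG)
    for h in hits:
        print(f"{h.ip} {h.method} {h.path} -> {h.status}")
    print("served per source:", served_by_source(hits))
```

A hit on one of these segments is a lead, not proof of compromise: legitimate clients may use paths under those segments, so correlate each flagged source with the status code, the volume and timing of its requests, and whether the request came from an expected network before escalating.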
Ivanti has released an RPM fix for versions 11.10 to 11.3. Customers running older versions should first upgrade to 11.10 and then apply the RPM fix. The fix should be applied as soon as possible rather than waiting for a regular patch cycle. Detailed information about the fix is available through the Ivanti Community portal (Rapid7 Blog).
The vulnerability has drawn significant attention from the cybersecurity community, and CISA has added it to its Known Exploited Vulnerabilities Catalog. Federal Civilian Executive Branch (FCEB) agencies are required to remediate it under Binding Operational Directive (BOD) 22-01 (CISA Alert).
Source: This report was generated using AI