
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
A critical security vulnerability (CVE-2023-39335) was identified in Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, affecting versions 11.10, 11.9, 11.8, and older. The vulnerability allows an unauthenticated threat actor to impersonate any existing user during the device enrollment process, enabling unauthorized access and potential misuse of user accounts and resources (Ivanti Blog, NVD).
The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The vulnerability specifically affects the device enrollment process and can be exploited by threat actors to gain unauthorized access to the system. The attack requires sophisticated knowledge and can be particularly effective when combined with physically stolen devices or in systems with open enrollment (Security Online, NVD).
The exploitation of this vulnerability enables unauthorized access to resources behind Sentry and allows attackers to enroll devices under different user profiles. This poses significant security risks as it could lead to unauthorized access to sensitive enterprise resources and potential misuse of user accounts. The impact is particularly severe for organizations using Sentry, though those without Sentry have limited exposure (Ivanti Blog).
Ivanti has released patches to address this vulnerability in EPMM (Core) releases 11.10.0.4, 11.11.0.2, and 11.12.0.0. Organizations are strongly advised to update to these patched versions to maintain the security of their mobile device management infrastructure (Ivanti Blog).
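The fixed releases listed above can be turned into an inventory check. The following is an added example, not code from Ivanti or from this database; the host names and version strings in the sample inventory are constructed. It assumes that a build on a release line with a listed fix needs that fix if it is lower, that release lines older than 11.10 have no fixed build and must move to a fixed line, and that release lines after 11.12 carry the fix forward.

```python
import re

# Fixed EPMM (Core) builds named in the advisory text, keyed by release line.
FIXED = {
    (11, 10): (11, 10, 0, 4),
    (11, 11): (11, 11, 0, 2),
    (11, 12): (11, 12, 0, 0),
}
NEWEST_FIXED_LINE = max(FIXED)


def parse_version(text):
    """Turn '11.10.0.3' into (11, 10, 0, 3), padding short strings with zeros."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def triage(version_text):
    """Return 'patched', 'update' (fix exists on this line) or 'upgrade'."""
    version = parse_version(version_text)
    line = version[:2]
    if line in FIXED:
        return "patched" if version >= FIXED[line] else "update"
    if line > NEWEST_FIXED_LINE:
        return "patched"  # assumption: later lines carry the fix forward
    return "upgrade"      # 11.9, 11.8 and older: no fixed build on this line


def triage_inventory(inventory):
    """Map each host to its triage result; unparsable versions are flagged."""
    results = {}
    for host, version_text in inventory.items():
        try:
            results[host] = triage(version_text)
        except ValueError:
            results[host] = "unknown"
    return results


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = {"epmm-a": "11.10.0.3", "epmm-b": "11.9.1.2", "epmm-c": "11.11.0.2",
          "epmm-d": "11.12.0.0", "epmm-e": "n/a"}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host}: {status}")
```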
Source: This report was generated using AI