Cybersecurity researchers have identified a bypass for a lately mounted actively exploited vulnerability in some versions of Ivanti Endpoint Supervisor Cellular (EPMM), prompting Ivanti to issue a new round of patches.
Tracked as CVE-2023-35082 (CVSS score: 10.) and identified by Quick7, the issue “enables unauthenticated attackers to access the API in older unsupported variations of MobileIron Core (11.2 and below).”
“If exploited, this vulnerability enables an unauthorized, remote (internet-facing) actor to likely access users’ personally identifiable facts and make limited improvements to the server,” Ivanti stated in an advisory introduced on August 2, 2023.
Immediate7 security researcher Stephen Fewer mentioned, “CVE-2023-35082 arises from the identical place as CVE-2023-35078, specially the permissive character of specified entries in the mifs web application’s security filter chain.”
With the most recent disclosure, Ivanti has patched a overall of three security flaws impacting its EPMM product or service in swift succession inside of a span of two weeks.
It also comes as cybersecurity businesses from Norway and the U.S. revealed that CVE-2023-35078 and CVE-2023-35081 have been exploited by unnamed nation-point out groups at least since April 2023 to drop web shells and attain persistent distant obtain to compromised systems.
- CVE-2023-35078 (CVSS rating: 10.) – An authentication bypass vulnerability in Ivanti EPMM allows unauthorized end users to access restricted features or means of the software devoid of correct authentication.
- CVE-2023-35081 (CVSS score: 7.2) – A path traversal vulnerability is uncovered in Ivanti EPMM that allows an attacker to generate arbitrary data files onto the equipment.
While there is no evidence of lively exploitation of CVE-2023-35082 in the wild, it is advised that people improve to the hottest supported version to protected in opposition to potential threats.
“MobileIron Main 11.2 has been out of help due to the fact March 15, 2022,” Ivanti stated. “As a result, Ivanti will not be issuing a patch or any other remediations to address this vulnerability in 11.2 or before versions.”
Located this write-up intriguing? Abide by us on Twitter and LinkedIn to browse extra exceptional articles we put up.
Some parts of this article are sourced from:
thehackernews.com