CISA warns of active exploitation of Ivanti EPMM max severity bug

published: Jan. 18, 2024

Take action: If you are using Ivanti EPMM 11.2 or older, and still haven't patched it, it's high time to do the work. Lock Ivanti away from the public internet immediately and start upgrading to newer product versions. Because it's being hacked.


The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about the active exploitation of a critical authentication bypass vulnerability in Ivanti's Endpoint Manager Mobile (EPMM) and MobileIron Core device management software.

The vulnerability, tracked as CVE-2023-35082, allows remote unauthenticated API access and affects various versions of EPMM and MobileIron Core. It was patched in August 2023.

Data from Shodan reveals that about 6,300 Ivanti EPMM user portals are currently exposed online, with Shadowserver tracking 3,420 Internet-exposed EPMM appliances. Over 150 instances linked to government agencies globally are directly accessible via the Internet.

Although CISA has not provided specific details on the active exploitation of CVE-2023-35082, the vulnerability has been added to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation.
