Ivanti reports another critical vulnerability in Endpoint Manager Mobile
Take action: If you are using Ivanti EPMM 11.2 or older, lock it down from the public internet immediately and start upgrading to newer product versions. You can't afford to keep it running, it's guaranteed that it will be hacked.
Learn More
After the attack of Norwegian government entities and subsequent report and patch of the Ivanti EPMM vulnerabilities that were probably used in the attack, we are back at square one.
Ivanti has disclosed another critical security vulnerability in its EPMM (MobileIron Core) mobile device management software. The vulnerability, tracked as CVE-2023-35082 (CVSS3 score 10.0), is a remote unauthenticated API access flaw that affects MobileIron Core version 11.2 and older.
If successfully exploited, attackers could backdoor compromised servers by deploying web shells, especially when chaining this vulnerability with other security flaws. Additionally, this vulnerability could allow attackers to gain unauthorized access to personally identifiable information (PII) of mobile device users.
Ivanti has stated that it will not release security patches to address this vulnerability in versions 11.2 and earlier because those versions have been out of support since March 15, 2022. Instead, the company advises users to upgrade to the latest version of Ivanti Endpoint Manager Mobile (EPMM), which is the rebranded version of MobileIron Core.
The vulnerability does not affect any version of Ivanti Endpoint Manager or MobileIron Core 11.3 and above, or Ivanti Neurons for MDM. Ivanti's Support team is available to assist customers in upgrading to the latest version to protect their environments from potential threats.
According to Shodan, more than 2,200 MobileIron user portals are currently exposed online, with some of them belonging to U.S. local and state government agencies.
