Researchers Uncover Bypass for Recently Patched Critical Ivanti EPMM Vulnerability

by crpt os


Aug 03, 2023 | THN | Vulnerability / Software Security

Cybersecurity researchers have discovered a bypass for a recently fixed, actively exploited vulnerability in some versions of Ivanti Endpoint Manager Mobile (EPMM), prompting Ivanti to urge users to update to the latest version of the software.

Tracked as CVE-2023-35082 (CVSS score: 10.0) and discovered by Rapid7, the issue “allows unauthenticated attackers to access the API in older unsupported versions of MobileIron Core (11.2 and below).”

“If exploited, this vulnerability enables an unauthorized, remote (internet-facing) actor to potentially access users’ personally identifiable information and make limited changes to the server,” Ivanti said in an advisory released on August 2, 2023.

Rapid7 security researcher Stephen Fewer said, “CVE-2023-35082 arises from the same place as CVE-2023-35078, specifically the permissive nature of certain entries in the mifs web application’s security filter chain.”

With the latest disclosure, Ivanti has patched a total of three security flaws impacting its EPMM product in quick succession within a span of two weeks.

It also comes as cybersecurity agencies from Norway and the U.S. revealed that CVE-2023-35078 and CVE-2023-35081 have been exploited by unnamed nation-state groups at least since April 2023 to drop web shells and gain persistent remote access to compromised systems.

  • CVE-2023-35078 (CVSS score: 10.0) – An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.
  • CVE-2023-35081 (CVSS score: 7.2) – A path traversal vulnerability in Ivanti EPMM that allows an attacker to write arbitrary files onto the appliance.

While there is no evidence of active exploitation of CVE-2023-35082 in the wild, it’s recommended that users upgrade to the latest supported version to secure against potential threats.

“MobileIron Core 11.2 has been out of support since March 15, 2022,” Ivanti said. “Therefore, Ivanti will not be issuing a patch or any other remediations to address this vulnerability in 11.2 or earlier versions.”
