Security researchers have found a bypass for a recently patched, actively exploited flaw in certain versions of Ivanti Endpoint Manager Mobile (EPMM), prompting Ivanti to urge users to upgrade to the most recent version of the software.
Tracked as CVE-2023-35082 (CVSS score: 10.0) and discovered by Rapid7, the issue “permits unauthenticated attackers to access the API in older unsupported versions of MobileIron Core (11.2 and below).”
“If this vulnerability is exploited, it allows an unauthorized, remote (internet-facing) actor to potentially access users’ personally identifiable information and make limited modifications to the server,” Ivanti stated in an advisory released on August 2, 2023.
Rapid7 security researcher Stephen Fewer explained, “CVE-2023-35082 originates from the same place as CVE-2023-35078, specifically the lenient nature of certain entries in the mifs web application’s security filter chain.”
With this latest disclosure, Ivanti has fixed a total of three security flaws affecting its EPMM product within a period of two weeks.
The disclosure also comes as cybersecurity agencies from Norway and the U.S. revealed that CVE-2023-35078 and CVE-2023-35081 have been exploited by unidentified nation-state groups since at least April 2023 to drop web shells and gain persistent remote access to compromised systems.
CVE-2023-35078 (CVSS score: 10.0) – An authentication bypass flaw in Ivanti EPMM that enables unauthorized users to access limited functionality or resources of the application without appropriate authentication.
CVE-2023-35081 (CVSS score: 7.2) – A path traversal vulnerability in Ivanti EPMM that allows an attacker to write arbitrary files onto the device.
While there’s no evidence of active exploitation of CVE-2023-35082 in the wild, users are advised to upgrade to the most recent supported version to protect against potential threats.