Published on: 22 January 2024
Ivanti has published a security advisory to address a vulnerability in Ivanti Endpoint Manager Mobile. An unauthorised remote attacker with access to specific API paths could access the sensitive information and make changes to the vulnerable systems. Detailed information about the vulnerability can be found at:
https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older
Reports indicate that an authentication bypass vulnerability (CVE-2023-35082) in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core, is being exploited in the wild. System administrators are advised to take immediate actions to patch your affected systems to mitigate the elevated risk of cyber attacks.
Please note that older unsupported and End-Of-Life (EOL) versions are also vulnerable with no security updates provided. System administrators should arrange to upgrade the unsupported and EOL versions to supported versions or migrate to other supported technology.
For detailed information of the affected products, please refer to the corresponding security advisory at vendor's website.
Successful exploitation of the vulnerability could lead to information disclosure, security restriction bypass or tampering on an affected system.
Patches for affected products are available. System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.