top of page
Search

Ivanti Endpoint Manger Mobile – Known Exploitation

Updated: Jul 31, 2023


CISA releases alert to Ivanti Security update for Endpoint Manager Mobile (EPMM) CVE-2023-35078.

 

US-based IT software company, Ivanti has patched an actively exploited zero-day authentication bypass vulnerability impacting its Endpoint Manager Mobile (EPMM) mobile device management software (formerly MobileIron Core).


Ivanti released the security patches for the remote unauthenticated API access vulnerability tracked as CVE-2023-35078 on Sunday.


This vulnerability impacts all supported versions – Version 11.4 releases 11.10, 11.9 and 11.8. Older versions/releases are also at risk. 

This particular vulnerability has received a CVSS score of 10, meaning it is very easy to exploit and does not require particular tools or specialist competency to exploit.


Relevance

  • Known Exploited Vulnerability


Recommendations


References


1. CISA Adds One Known Exploited Vulnerability to Catalog. (2023, July 25) https://www.cisa.gov/news-events/alerts/2023/07/25/cisa-adds-one-known-exploited-vulnerability-catalog




 

We're Here to Assist You


CyberForce|Q can assist, our Incident Response Team can be deployed 24x7x365 – reach out to solutions@cyberforceq.com.



12 views0 comments
bottom of page