Tagvent 2023

The Tenth Day Of Tagsmas (2023): Three Critical Vulnerabilities in Ivanti (MobileIron) Products (CVE-2023-38035 / CVE-2023-35078 / CVE-2023-35082)

CVE: CVE-2023-38035 / CVE-2023-35078 / CVE-2023-35082
In CISA KEV
Vulnerability: Authentication Bypass
Description: A security vulnerability in the MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. Two other authentication bypass vulnerabilities in Ivanti EPMM allow unauthorized users to access restricted functionality or resources of the application without proper authentication.

Discovery and Initial Impact

CVE-2023-38035 was discovered in Ivanti Sentry (formerly MobileIron Sentry). Researchers from the Horizon3 Attack Team published a blog post and a proof-of-concept (PoC) exploit for the vulnerability on August 23, 2023. Ivanti further indicated that active exploitation of this vulnerability has occurred and has impacted a limited number of customers.

CVE-2023-35078 was discovered in Ivanti Endpoint Manager Mobile (EPMM) by mnemonic. The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert about the vulnerability, stating that successful exploitation would allow an attacker to access "specific API paths."

CVE-2023-35082 was discovered in MobileIron Core by Rapid7. It was initially believed to only affect version 11.2 and prior, and it had been resolved incidentally in MobileIron Core 11.3 as part of work on a product bug. However, Ivanti's investigation found additional paths to exploiting CVE-2023-35082 depending on the configuration of the Ivanti Endpoint Manager Mobile (EPMM) appliance. This impacts all versions of EPMM 11.10, 11.9, and 11.8, and MobileIron Core 11.7 and below.

Exploitation and Long-Term Impacts

Successful exploitation of CVE-2023-38035 could lead to a remote unauthenticated threat actor making configuration changes to the server and the underlying Operating System (OS) as root. The vulnerability has been added to CISA KEV, and a deep dive into the vulnerability reveals that it can be used to give an attacker the ability to remotely execute code as the root user.

Successful exploitation of either CVE-2023-35078 or CVE-2023-35082 could lead to an unauthorized attacker accessing users' personally identifiable information and making limited changes to the server. The attacker could potentially disclose personal data or make modifications to the platform. Furthermore, the attacker could chain either vulnerability with CVE-2023-35081, increasing the risk and severity of the attack.

Why Defenders Should Still Be Concerned

Although CVE-2023-38035 has a low risk of exploitation for customers who do not expose port 8443 to the internet, it is still crucial for defenders to be concerned and take appropriate action. The vulnerability has been actively exploited, and GreyNoise continues to see scan attempts for this weakness. The vulnerability allows an attacker to remotely execute code as the root user, posing a significant security risk.

While CVE-2023-35078 and CVE-2023-35082 affect older and unsupported versions of MobileIron Core, it is still crucial for defenders to be concerned and take appropriate action. Each vulnerability allows unauthenticated attackers to access the API in older versions of MobileIron Core, posing a significant security risk.
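An inventory triage sketch for the version ranges and the port 8443 condition described above. It is an added example, not GreyNoise or Ivanti code; the product keys, the inventory record format and the "urgent"/"scheduled" labels are assumptions made for illustration.

```python
import re

# Upper bounds (inclusive) as stated on this page; product keys are this
# example's own. The page gives no range for CVE-2023-35078, so none is encoded.
AFFECTED = {
    "sentry": ("CVE-2023-38035", (9, 18, 0)),  # Sentry 9.18.0 and below
    "epmm": ("CVE-2023-35082", (11, 10)),  # EPMM 11.10/11.9/11.8, Core 11.7 and below
}
MICS_PORT = 8443  # MICS Admin Portal port named on this page


def parse_version(text):
    """Turn '11.10.0.2' into (11, 10, 0, 2); reject anything non-numeric."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def triage(product, version, internet_ports=()):
    """Return (cve, label) for one inventory record, or None if out of range."""
    entry = AFFECTED.get(product.lower())
    if entry is None:
        return None
    cve, bound = entry
    # Compare numerically on as many components as the bound states, padding
    # short versions with zeros; a string compare would rank 11.10 below 11.9.
    have = parse_version(version)
    have = (have + (0,) * len(bound))[: len(bound)]
    if have > bound:
        return None
    # Assumed labels: an in-range Sentry without 8443 exposed to the internet
    # is lower risk per the page, but still in the affected range.
    if product.lower() == "sentry" and MICS_PORT not in internet_ports:
        return (cve, "scheduled")
    return (cve, "urgent")


# Constructed inventory: (hostname, product, version, internet-facing ports)
INVENTORY = [
    ("sentry-dmz", "sentry", "9.17.0", (443, 8443)),
    ("sentry-int", "sentry", "9.18.0", (443,)),
    ("mdm-core", "epmm", "11.10.0.2", (443,)),
    ("mdm-new", "epmm", "11.11.0.0", (443,)),
]

if __name__ == "__main__":
    for host, product, version, ports in INVENTORY:
        print(host, triage(product, version, ports))
```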
