Researchers Discover Bypass for Recently Patched Critical Ivanti EPMM Vulnerability

Cybersecurity researchers have discovered a bypass for a recently fixed actively exploited vulnerability in some versions of Ivanti Endpoint Manager Mobile (EPMM), prompting Ivanti to urge users to update to the latest version of the software.

Tracked as CVE-2023-35082 (CVSS score: 10.0) and discovered by Rapid7, the issue allows unauthenticated attackers to access the API in older unsupported versions of MobileIron Core (11.2 and below).

If exploited, this vulnerability enables an unauthorized, remote (internet-facing) actor to potentially access users’ personally identifiable information and make limited changes to the server, Ivanti said in an advisory released on August 2, 2023.

Rapid7 security researcher Stephen Fewer said, CVE-2023-35082 arises from the same place as CVE-2023-35078, specifically the permissive nature of certain entries in the mifs web application’s security filter chain.

With the latest disclosure, Ivanti has patched a total of three security flaws impacting its EPMM product in quick succession within a span of two weeks.

It also comes as cybersecurity agencies from Norway and the U.S. revealed that CVE-2023-35078 and CVE-2023-35081 have been exploited by unnamed nation-state groups at least since April 2023 to drop web shells and gain persistent remote access to compromised systems.

CVE-2023-35078 (CVSS score: 10.0) – An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.
CVE-2023-35081 (CVSS score: 7.2) – A path traversal vulnerability is discovered in Ivanti EPMM that allows an attacker to write arbitrary files onto the appliance.

While there is no evidence of active exploitation of CVE-2023-35082 in the wild, it’s recommended that users upgrade to the latest supported version to secure against potential threats.

MobileIron Core 11.2 has been out of support since March 15, 2022, Ivanti said. Therefore, Ivanti will not be issuing a patch or any other remediations to address this vulnerability in 11.2 or earlier versions.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

Kommentar verfassen Kommentieren abbrechen

London, GB

4:36 am, Juli 3, 2025

13°C

L: 10° | H: 14°

Fühlt sich an wie 12°C° klarer Himmel

Luftfeuchtigkeit: 68 %

Druck: 1026 mb

Wind: 2 mph N

Windböe: 3 mph

UV-Index: 0

Niederschlag: 0 mm

Wolken: 0%

Regen Chance: 0%

Sichtbarkeit: 10 km

Sonnenaufgang: 4:49 am

Sonnenuntergang: 9:20 pm

TäglichStündlich

Tägliche VorhersageStündliche Vorhersage

Today 10:00 pm

10° | 14°°C 0 mm 0% 12 mph 65 % 1028 mb 0 mm/h

Tomorrow 10:00 pm

15° | 26°°C 0 mm 0% 12 mph 59 % 1028 mb 0 mm/h

Sa. Juli 05 10:00 pm

14° | 19°°C 1 mm 100% 11 mph 93 % 1021 mb 0 mm/h

So. Juli 06 10:00 pm

15° | 18°°C 1 mm 100% 11 mph 88 % 1009 mb 0 mm/h

Mo. Juli 07 10:00 pm

13° | 16°°C 1 mm 100% 11 mph 87 % 1012 mb 0 mm/h

Today 7:00 am

13° | 13°°C 0 mm 0% 4 mph 65 % 1026 mb 0 mm/h

Today 10:00 am

17° | 19°°C 0 mm 0% 4 mph 48 % 1027 mb 0 mm/h

Today 1:00 pm

24° | 24°°C 0 mm 0% 5 mph 28 % 1028 mb 0 mm/h

Today 4:00 pm

25° | 25°°C 0 mm 0% 6 mph 22 % 1026 mb 0 mm/h

Today 7:00 pm

21° | 21°°C 0 mm 0% 12 mph 25 % 1025 mb 0 mm/h

Today 10:00 pm

20° | 20°°C 0 mm 0% 10 mph 37 % 1027 mb 0 mm/h

Tomorrow 1:00 am

17° | 17°°C 0 mm 0% 7 mph 46 % 1028 mb 0 mm/h

Tomorrow 4:00 am

15° | 15°°C 0 mm 0% 5 mph 57 % 1028 mb 0 mm/h

Name	Preis	24H (%)
Bitcoin(BTC)	€92,189.67	2.50%
Ethereum(ETH)	€2,177.14	5.82%
Fesseln(USDT)	€0.85	0.02%
XRP(XRP)	€1.90	2.96%
Solana(SOL)	€130.20	3.06%
USDC(USDC)	€0.85	0.00%
Dogecoin(DOGE)	€0.143352	6.20%
Shiba Inu(SHIB)	€0.000010	5.20%
Pepe(PEPE)	€0.000008	9.29%

Researchers Discover Bypass for Recently Patched Critical Ivanti EPMM Vulnerability

Teilen:

Kommentar verfassen Kommentieren abbrechen

Verbindung zum Dienstprogramm

Nützlicher Link

Newsletter

Folgen Sie uns