/
1 min read

Vulnerability in Ivanti Endpoint Manager Mobile: Comment from Satnam Narang, Sr. Staff Research Engineer, Tenable

“Based on what’s been shared by Ivanti at this time publicly, CVE-2023-35078 has been exploited in a “limited number” of attacks against internet-facing assets. However, considering the severity of this vulnerability, such as its being assigned a CVSSv3 score of 10.0, the maximum possible score, signals that exploitation of this flaw is likely to be relatively easy for attackers. It’s only a matter of time before public proof-of-concept code becomes available and attackers exploit this flaw more widely. 

“It’s unclear if the existing attacks have been conducted by an advanced persistent threat (APT) actor or other cybercriminals. Presently, researchers are noting an increase in probing of honeypots looking for vulnerable API endpoints. Ivanti says that attackers could exploit this flaw to gain access to personally identifiable information (PII) and make “limited changes to the server.” What those changes are remains unclear, but this could certainly become a valuable tool for ransomware groups and their affiliates. 

“With patches available for this flaw, organisations that utilise Ivanti Endpoint Manager Mobile (formerly MobileIron Core) should apply these patches immediately. While we don’t have public indicators of compromise for this vulnerability, if Ivanti does share these, potentially affected organisations must conduct incident response to determine any potential impact resulting from this vulnerability.” – Satnam Narang, Sr. Staff Research Engineer, Tenable

Leave a Reply