CVE-2023-35078
Published 2023-07-25
Priority: P1 · 100 · critical · 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
KEV · ITW · EXPLOIT · Ransomware · Initial access
CISA Known Exploited Vulnerability · due 2023-08-15
Exploited in the wild
EPSS: 100.00% (100.0th percentile)
An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | endpoint_manager_mobile | < 11.11.0 | 11.11.0 |
| ivanti | endpoint_manager_mobile | < 11.8.1.1 | 11.8.1.1 |
| ivanti | endpoint_manager_mobile | >= 11.10 < 11.10.0.2 | 11.10.0.2 |
| ivanti | endpoint_manager_mobile | >= 11.9.0 < 11.9.1.1 | 11.9.1.1 |
| ivanti | epmm | — | — |
| ivanti | epmm | 11.10 – 11.10 | — |
Detection & IOCs
- Detect CVE-2023-35078 exploitation chained with CVE-2023-35081: attackers used both together to write JSP and Java .class files to disk on compromised EPMM servers.
- Alert on unexpected JSP or Java .class file creation on Ivanti EPMM servers, as this is a known post-exploitation artifact when CVE-2023-35078 is chained with CVE-2023-35081.
- Use Nessus plugin IDs 141340 (MobileIron Core Detection) and 141341 (MobileIron Core API Detection) to identify exposed/vulnerable EPMM assets in the environment.
- Check Point IPS Blade signature 'Ivanti Endpoint Manager Mobile Authentication Bypass (CVE-2023-35078)' can be used for network-level detection of exploitation attempts.
- GreyNoise tag 'IVANTI EPMM (MOBILEIRON CORE) AUTHENTICATION BYPASS ATTEMPT' can be used to identify mass-scanning IPs probing for CVE-2023-35078.
- Refer to CISA/NCSC-NO joint advisory AA23-213A for confirmed IOCs and TTPs from real-world exploitation of CVE-2023-35078 against Norwegian government organizations.
- A temporary RPM-based fix is available for CVE-2023-35078 that survives reboots but does NOT persist through upgrades; full patching is required.
- CVE-2023-35082 is a distinct but related authentication bypass affecting all versions of EPMM 11.10, 11.9, and 11.8, and MobileIron Core 11.7 and below; detection coverage should include both CVEs.
- Limited forensic logging on impacted EPMM systems delayed full scope assessment; defenders should ensure enhanced logging is enabled on EPMM appliances prior to any incident.
CVSS provenance
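| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 10.0 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| vulncheck | | 9.8 | CRITICAL | |
| cisa | | 9.8 | CRITICAL | |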
GHSA
GHSA-w2p6-rj4r-fqxv: An authentication bypass vulnerability in Ivanti EPMM 11
ghsa_unreviewed·2023-08-15·CVSS 9.8
CVE-2023-35082 [CRITICAL] CWE-287 GHSA-w2p6-rj4r-fqxv: An authentication bypass vulnerability in Ivanti EPMM 11
An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier.
GHSA
GHSA-7r8j-4mv7-77vp: Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11
ghsa_unreviewed·2023-07-25
CVE-2023-35078 [CRITICAL] CWE-287 GHSA-7r8j-4mv7-77vp: Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11
Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.
VulnCheck
Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability
vulncheck·2023·CVSS 9.8
CVE-2023-35081 [CRITICAL] CWE-22 Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability
Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability
Ivanti Endpoint Manager Mobile (EPMM) contains a path traversal vulnerability that enables an authenticated administrator to perform malicious file writes to the EPMM server. This vulnerability can be used in conjunction with CVE-2023-35078 to bypass authentication and ACLs restrictions (if applicable).
Affected: Ivanti Endpoint Manager Mobile (EPMM)
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://cisa.gov/news-events/alerts/2023/07/28/ivanti-releases-security-updates-epmm-address-cve-2023-35081; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://cisa.gov/news-events/ale
VulnCheck
Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability
vulncheck·2023·CVSS 9.8
CVE-2023-35078 [CRITICAL] CWE-287 Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability
Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability
Ivanti Endpoint Manager Mobile (EPMM, previously branded MobileIron Core) contains an authentication bypass vulnerability that allows unauthenticated access to specific API paths. An attacker with access to these API paths can access personally identifiable information (PII) such as names, phone numbers, and other mobile device details for users on a vulnerable system. An attacker can also make other configuration changes including installing software and modifying security profiles on registered devices.
Affected: Ivanti Endpoint Manager Mobile (EPMM)
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Known Ransomware Campaign Use: Known
Exploit
Ivanti
Ivanti EPMM Remote Unauthenticated API Access (MobileIron Core)
vendor_ivanti·2024-01-18·CVSS 9.8
CVE-2023-35082 [CRITICAL] Ivanti EPMM Remote Unauthenticated API Access (MobileIron Core)
Ivanti EPMM Remote Unauthenticated API Access (MobileIron Core)
Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resources of the application.
CVE IDs: CVE-2023-35082
Affected products: EPMM, MobileIron
This vulnerability is listed in the CISA Known Exploited Vulnerabilities catalog.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Remediation Due Date: 2024-02-08
Known to be used in ransomware campaigns.
CISA
Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability
cisa·2023-07-31·CVSS 9.8
CVE-2023-35081 [CRITICAL] CWE-22 Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability
Vulnerability: Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability
Affected: Ivanti Endpoint Manager Mobile (EPMM)
Ivanti Endpoint Manager Mobile (EPMM) contains a path traversal vulnerability that enables an authenticated administrator to perform malicious file writes to the EPMM server. This vulnerability can be used in conjunction with CVE-2023-35078 to bypass authentication and ACLs restrictions (if applicable).
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes: https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US; https://nvd.nist.gov/vuln/detail/CVE-2023-35081
Remediation Due Date: 2023-08-21
Ivanti
Ivanti EPMM Remote Arbitrary File Write
vendor_ivanti·2023-07-31·CVSS 7.2
CVE-2023-35081 [CRITICAL] Ivanti EPMM Remote Arbitrary File Write
Ivanti EPMM Remote Arbitrary File Write
Ivanti Endpoint Manager Mobile (EPMM) contains a path traversal vulnerability that enables an authenticated administrator to perform malicious file writes to the EPMM server. This vulnerability can be used in conjunction with CVE-2023-35078 to bypass authentication and ACLs restrictions (if applicable).
CVE IDs: CVE-2023-35081
Affected products: EPMM, MobileIron
This vulnerability is listed in the CISA Known Exploited Vulnerabilities catalog.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Remediation Due Date: 2023-08-21
CISA
Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability
cisa·2023-07-25·CVSS 9.8
CVE-2023-35078 [CRITICAL] CWE-287 Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability
Vulnerability: Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability
Affected: Ivanti Endpoint Manager Mobile (EPMM)
Ivanti Endpoint Manager Mobile (EPMM, previously branded MobileIron Core) contains an authentication bypass vulnerability that allows unauthenticated access to specific API paths. An attacker with access to these API paths can access personally identifiable information (PII) such as names, phone numbers, and other mobile device details for users on a vulnerable system. An attacker can also make other configuration changes including installing software and modifying security profiles on registered devices.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes: https://forums.ivanti.co
Ivanti
Ivanti EPMM Remote Unauthenticated API Access
vendor_ivanti·2023-07-25·CVSS 9.8
CVE-2023-35078 [CRITICAL] Ivanti EPMM Remote Unauthenticated API Access
Ivanti EPMM Remote Unauthenticated API Access
Ivanti Endpoint Manager Mobile (EPMM, previously branded MobileIron Core) contains an authentication bypass vulnerability that allows unauthenticated access to specific API paths. An attacker with access to these API paths can access personally identifiable information (PII) such as names, phone numbers, and other mobile device details for users on a vulnerable system. An attacker can also make other configuration changes including installing software and modifying security profiles on registered devices.
CVE IDs: CVE-2023-35078
Affected products: EPMM, MobileIron
This vulnerability is listed in the CISA Known Exploited Vulnerabilities catalog.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mi
Suricata
ET WEB_SPECIFIC_APPS Possible Ivanti Endpoint Manager Mobile CVE-2023-35078 Check/Exploitation Attempt
suricata·2023-08-03·CVSS 9.8
CVE-2023-35078 [CRITICAL] ET WEB_SPECIFIC_APPS Possible Ivanti Endpoint Manager Mobile CVE-2023-35078 Check/Exploitation Attempt
ET WEB_SPECIFIC_APPS Possible Ivanti Endpoint Manager Mobile CVE-2023-35078 Check/Exploitation Attempt
Rule: alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET WEB_SPECIFIC_APPS Possible Ivanti Endpoint Manager Mobile CVE-2023-35078 Check/Exploitation Attempt"; flow:established,to_server; http.uri; content:"/mifs/aad/api/v2/"; startswith; threshold:type limit, count 5, seconds 300, track by_src; reference:url,www.rapid7.com/blog/post/2023/08/02/cve-2023-35082-mobileiron-core-unauthenticated-api-access-vulnerability/; reference:cve,2023-35078; classtype:attempted-admin; sid:2047054; rev:2; metadata:affected_product Ivanti, attack_target Web_Server, created_at 2023_08_03, cve CVE_2023_35078, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence Low, signatur
Nuclei
Ivanti Endpoint Manager Mobile (EPMM) - Authentication Bypass
nuclei·CVSS 9.8
CVE-2023-35078 [CRITICAL] Ivanti Endpoint Manager Mobile (EPMM) - Authentication Bypass
Ivanti Endpoint Manager Mobile (EPMM) - Authentication Bypass
Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.
Template:
id: CVE-2023-35078
info:
  name: Ivanti Endpoint Manager Mobile (EPMM) - Authentication Bypass
  author: parth,pdresearch
  severity: critical
  description: Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.
  impact: |
    Successful e
Nuclei
MobileIron Core - Remote Unauthenticated API Access
nuclei·CVSS 9.8
CVE-2023-35082 [CRITICAL] MobileIron Core - Remote Unauthenticated API Access
MobileIron Core - Remote Unauthenticated API Access
Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, Since CVE-2023-35082 arises from the same place as CVE-2023-35078, specifically the permissive nature of certain entries in the mifs web application’s security filter chain.
Template:
id: CVE-2023-35082
info:
  name: MobileIron Core - Remote Unauthenticated API Access
  author: DhiyaneshDk
  severity: critical
  description: |
    Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, Since CVE-2023-35082 arises from the same place as CVE-2023-35078, specifically the permissive nature of certain entries in the mifs web application’s security filter chain.
  impact: |
    Remote attackers can exploit this vulnerability to gain unauthorized access to sensitive data and perform mal
Tenable
CVE-2026-1281, CVE-2026-1340: Ivanti Endpoint Manager Mobile (EPMM) Zero-Day Vulnerabilities Exploited
blogs_tenable·2026-01-30·CVSS 9.8
[CRITICAL] CVE-2026-1281, CVE-2026-1340: Ivanti Endpoint Manager Mobile (EPMM) Zero-Day Vulnerabilities Exploited
Greynoiseio
U.S. and UK Warn of Russian Cyber Threats: 9 of 12 GreyNoise-Tracked Vulnerabilities in the Advisory Are Being Probed Right Now
blogs_greynoiseio·2024-10-17
U.S. and UK Warn of Russian Cyber Threats: 9 of 12 GreyNoise-Tracked Vulnerabilities in the Advisory Are Being Probed Right Now
Bleepingcomputer
Ivanti warns of critical flaws in its Avalanche MDM solution
blogs_bleepingcomputer·2024-04-16·CVSS 9.8
[CRITICAL] Ivanti warns of critical flaws in its Avalanche MDM solution
## Ivanti warns of critical flaws in its Avalanche MDM solution
## Sergiu Gatlan
Ivanti has released security updates to fix 27 vulnerabilities in its Avalanche mobile device management (MDM) solution, two of them critical heap overflows that can be exploited for remote command execution.
Avalanche is used by enterprise admins to remotely manage, deploy software, and schedule updates across large fleets of over 100,000 mobile devices from a single central location.
As the company explained on Wednesday, the two critical security flaws (CVE-2024-24996 and CVE-2024-29204) were found in Avalanche's WLInfoRailService and WLAvalancheService components.
They are both caused by heap-based buffer overflow weaknesses, which can let unauthenticated remote attackers execute arbitrary commands on
Bleepingcomputer
CISA: Critical Ivanti auth bypass bug now actively exploited
blogs_bleepingcomputer·2024-01-18·CVSS 9.8
CVE-2023-35082 [CRITICAL] CISA: Critical Ivanti auth bypass bug now actively exploited
## CISA: Critical Ivanti auth bypass bug now actively exploited
## Sergiu Gatlan
CISA warns that a critical authentication bypass vulnerability in Ivanti's Endpoint Manager Mobile (EPMM) and MobileIron Core device management software (patched in August 2023) is now under active exploitation.
Tracked as CVE-2023-35082, the flaw is a remote unauthenticated API access vulnerability affecting all versions of EPMM 11.10, 11.9, and 11.8 and MobileIron Core 11.7 and below.
Successful exploitation provides attackers access to personally identifiable information (PII) of mobile device users and can let them backdoor compromised servers when chaining the bug with other flaws.
"Ivanti has an RPM script available now. We recommend customers first upgrade to a supported version and then apply t
Unit42
Threat Brief: Multiple Ivanti Vulnerabilities (Updated Feb. 29)
blogs_unit42·2024-01-16·CVSS 8.2
CVE-2023-46805 [HIGH] Threat Brief: Multiple Ivanti Vulnerabilities (Updated Feb. 29)
## Threat Brief: Multiple Ivanti Vulnerabilities (Updated Feb. 29)
Unit 42
Published: January 16, 2024
Tags: High Profile Threats, Vulnerabilities, CVE-2023-46805, CVE-2024-21887, CVE-2024-21888, CVE-2024-21893, CVE-2024-22024, Ivanti, VPNs
Unit 42 stopped monitoring this threat and updating the brief on Feb. 29, 2024. Please refer to Ivanti's website for the latest information.
## Update Feb. 29
The U.S. government, in collaboration with international government allies, has published a Joint Cybersecurity Advisory (CSA) which includes recent findings about exploitation of the Ivanti vulnerabilities. In this report the authoring organizations state that threat actors are able to deceive Ivanti’s internal and external Integr
Unit42
Threat Brief: Multiple Ivanti Vulnerabilities (Updated Feb. 29)
blogs_unit42·2024-01-16·CVSS 8.3
CVE-2023-46805 [HIGH] Threat Brief: Multiple Ivanti Vulnerabilities (Updated Feb. 29)
Unit 42 stopped monitoring this threat and updating the brief on Feb. 29, 2024. Please refer to Ivanti's website for the latest information.
## Update Feb. 29
The U.S. government, in collaboration with international government allies, has published a Joint Cybersecurity Advisory (CSA) which includes recent findings about exploitation of the Ivanti vulnerabilities. In this report the authoring organizations state that threat actors are able to deceive Ivanti’s internal and external Integrity Checker Tools (ICT) which results in a failure to detect a compromise. They also state that cyber threat actors may be able to maintain root-level persistence despite issuing factory resets.
This CSA also includes guidance on incident response steps. They recommend defenders reset all credentials tha
Bleepingcomputer
Ivanti Connect Secure zero-days now under mass exploitation
blogs_bleepingcomputer·2024-01-15·CVSS 8.2
CVE-2023-46805 [HIGH] Ivanti Connect Secure zero-days now under mass exploitation
## Ivanti Connect Secure zero-days now under mass exploitation
## Sergiu Gatlan
Two zero-day vulnerabilities affecting Ivanti's Connect Secure VPN and Policy Secure network access control (NAC) appliances are now under mass exploitation.
As discovered by threat intelligence company Volexity, which also first spotted the zero-days being used in attacks since December, multiple threat groups chain the CVE-2023-46805 authentication bypass and the CVE-2024-21887 command injection vulnerabilities in widespread attacks starting January 11.
"Victims are globally distributed and vary greatly in size, from small businesses to some of the largest organizations in the world, including multiple Fortune 500 companies across multiple industry verticals," Volexity warned today.
The attackers backdo
Bleepingcomputer
Ivanti warns of Connect Secure zero-days exploited in attacks
blogs_bleepingcomputer·2024-01-10·CVSS 8.2
CVE-2023-46805 [HIGH] Ivanti warns of Connect Secure zero-days exploited in attacks
## Ivanti warns of Connect Secure zero-days exploited in attacks
## Sergiu Gatlan
Ivanti has disclosed two Connect Secure (ICS) and Policy Secure (IPS) zero-days exploited by suspected Chinese hackers in the wild that can let remote attackers execute arbitrary commands on targeted gateways.
The first security flaw (CVE-2023-46805) is an authentication bypass in the appliances' web component, enabling attackers to access restricted resources by circumventing control checks, while the second (tracked as CVE-2024-21887) is a command injection vulnerability that lets authenticated admins execute arbitrary commands on vulnerable appliances by sending specially crafted requests.
When successfully chaining the two zero days, threat actors can run arbitrary commands on all supported versions o
Bleepingcomputer
Ivanti warns critical EPM bug lets hackers hijack enrolled devices
blogs_bleepingcomputer·2024-01-04·CVSS 9.8
CVE-2023-39336 [CRITICAL] Ivanti warns critical EPM bug lets hackers hijack enrolled devices
## Ivanti warns critical EPM bug lets hackers hijack enrolled devices
## Sergiu Gatlan
Ivanti fixed a critical remote code execution (RCE) vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers hijack enrolled devices or the core server.
Ivanti EPM helps manage client devices running a wide range of platforms, from Windows and macOS to Chrome OS and IoT operating systems.
The security flaw (tracked as CVE-2023-39336) impacts all supported Ivanti EPM versions, and it has been resolved in version 2022 Service Update 5.
Attackers with access to a target's internal network can exploit the vulnerability in low-complexity attacks that don't require privileges or user interaction.
"If exploited, an attacker with access to the internal network can lev
Bleepingcomputer
Ivanti releases patches for 13 critical Avalanche RCE flaws
blogs_bleepingcomputer·2023-12-20·CVSS 9.8
[CRITICAL] Ivanti releases patches for 13 critical Avalanche RCE flaws
## Ivanti releases patches for 13 critical Avalanche RCE flaws
## Sergiu Gatlan
Ivanti has released security updates to fix 13 critical security vulnerabilities in the company's Avalanche enterprise mobile device management (MDM) solution.
Avalanche allows admins to manage over 100,000 mobile devices from a single, central location over the Internet, deploy software, and schedule updates.
As Ivanti explained on Wednesday, these security flaws are due to WLAvalancheService stack or heap-based buffer overflow weaknesses reported by Tenable security researchers and Trend Micro's Zero Day Initiative.
Unauthenticated attackers can exploit them in low-complexity attacks that don't require user interaction to gain remote code execution on unpatched systems.
"An attacker sending specially c
Tenable
CVE-2023-38035: Ivanti Sentry API Authentication Bypass Zero-Day Exploited in the Wild
blogs_tenable·2023-08-22·CVSS 9.8
[CRITICAL] CVE-2023-38035: Ivanti Sentry API Authentication Bypass Zero-Day Exploited in the Wild
Checkpoint
31st July – Threat Intelligence Report
blogs_checkpoint·2023-07-31
CVE-2023-35078 31st July – Threat Intelligence Report
## 31st July – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 31st July, please download our Threat_Intelligence Bulletin
TOP ATTACKS AND BREACHES
The Norwegian government has reported that a software platform, used by 12 key ministries, suffered a cyberattack. It happened after hackers exploited a zero-day authentication bypass vulnerability in Ivanti’s Endpoint Manager Mobile (EPMM).
Maximum, a contractor providing services to the U.S. government, including federal and l
Unit42
Threat Brief: Multiple Vulnerabilities Including Zero-Day Remote Unauthenticated API Access – CVE-2023-35078 – in Ivanti Endpoint Manager Mobile (Updated)
blogs_unit42·2023-07-29·CVSS 9.8
CVE-2023-35078 [CRITICAL] Threat Brief: Multiple Vulnerabilities Including Zero-Day Remote Unauthenticated API Access – CVE-2023-35078 – in Ivanti Endpoint Manager Mobile (Updated)
## Threat Brief: Multiple Vulnerabilities Including Zero-Day Remote Unauthenticated API Access – CVE-2023-35078 – in Ivanti Endpoint Manager Mobile (Updated)
Unit 42
Published: July 28, 2023
Tags: High Profile Threats, Vulnerabilities, API attacks, CVE-2023-32560, CVE-2023-35078, CVE-2023-35081, CVE-2023-35082, CVE-2023-38035, Ivanti, Zero-day
## Executive Summary
Update: As of August 23, over the last three weeks this incident has developed with three additional vulnerabilities discovered in Ivanti products. The first in MobileIron Core (CVE-2023-35082; the main topic of this threat brief post when first published in July), a second vulnerability discovered in the Ivanti Avalanche product (CVE-2023-32560), and the third in
Unit42
Threat Brief: Multiple Vulnerabilities Including Zero-Day Remote Unauthenticated API Access – CVE-2023-35078 – in Ivanti Endpoint Manager Mobile (Updated)
blogs_unit42·2023-07-29·CVSS 9.8
CVE-2023-35078 [CRITICAL] Threat Brief: Multiple Vulnerabilities Including Zero-Day Remote Unauthenticated API Access – CVE-2023-35078 – in Ivanti Endpoint Manager Mobile (Updated)
## Executive Summary
Update: As of August 23, over the last three weeks this incident has developed with three additional vulnerabilities discovered in Ivanti products. The first in MobileIron Core (CVE-2023-35082; the main topic of this threat brief post when first published in July), a second vulnerability discovered in the Ivanti Avalanche product (CVE-2023-32560), and the third in the Ivanti Sentry product (CVE-2023-38035).
On July 24, 2023, Ivanti Endpoint Manager Mobile (EPMM), previously known as MobileIron Core, publicly disclosed details about an unauthenticated API access zero-day vulnerability. CVE-2023-35078 affects versions 11.10, 11.9 and 11.8, but older versions are also at risk of possible exploitation.
At the time of writing, the only confirmed victims have been Norwegi
Tenable
CVE-2023-35078: Ivanti Endpoint Manager Mobile (EPMM) / MobileIron Core Unauthenticated API Access Vulnerability
blogs_tenable·2023-07-25·CVSS 9.8
[CRITICAL] CVE-2023-35078: Ivanti Endpoint Manager Mobile (EPMM) / MobileIron Core Unauthenticated API Access Vulnerability
Greynoiseio
The Tenth Day Of Tagsmas (2023): Three Critical Vulnerabilities in Ivanti (MobileIron) Products (CVE-2023-38035 / CVE-2023-35078 / CVE-2023-35082)
blogs_greynoiseio·CVSS 9.8
[CRITICAL] The Tenth Day Of Tagsmas (2023): Three Critical Vulnerabilities in Ivanti (MobileIron) Products (CVE-2023-38035 / CVE-2023-35078 / CVE-2023-35082)
Huntress
Ivanti mass zero-day exploits Data Breach: What Happened, Impact, and Lessons | Huntress
blogs_huntress
Ivanti mass zero-day exploits Data Breach: What Happened, Impact, and Lessons | Huntress
## Ivanti Data Breach
Published: 12/16/2025
Written by: Lizzie Danielson
When vulnerabilities go unpatched, cybercriminals are quick to exploit the gap—and that's exactly what happened with the Ivanti mass zero-day exploits. This breach targeted government and enterprise systems globally, leveraging unpatched vulnerabilities in Ivanti's Endpoint Manager Mobile (EPMM). The outcome? Sensitive data exposure, operational disruption, and heightened scrutiny on patch management practices.
## Ivanti data breach explained: what happened?
The Ivanti mass zero-day exploits were discovered in mid-2023, exposing critical vulnerabilities in the EPMM platform. These vulnerabilities allowed attackers to gain unauthorized access to sensitive information and potentially disrupt operations. The breach
arXiv
Investigating the Temporal Dynamics of Cyber Threat Intelligence
arxiv_fulltext·2024-12-26
Investigating the Temporal Dynamics of Cyber Threat Intelligence
Investigating the Temporal Dynamics of Cyber Threat Intelligence
Angel Kodituwakku, Clark Xu,
Daniel Rogers, and David K. Ahn
Centripetal Networks
Reston, VA, USA
Errin W. Fulp
Department of Computer Science
Wake Forest University
Winston-Salem, NC, USA
## Abstract
Indicators of Compromise (IoCs) play a crucial role in the rapid detection and mitigation of cyber threats. However, the existing body of literature lacks in-depth analytical studies on the temporal aspects of IoC publication, especially when considering up-to-date datasets related to Common Vulnerabilities and Exposures (CVEs). This paper addresses this gap by conducting an analysis of the timeliness and comprehensiveness of Cyber Threat Intelligence (CTI) pertaining to several
arXiv
Efficacy of EPSS in High Severity CVEs found in KEV
arxiv_fulltext·2024-11-04
Efficacy of EPSS in High Severity CVEs found in KEV
## Abstract
The Exploit Prediction Scoring System (EPSS) is designed to assess the probability of a vulnerability being exploited in the next 30 days relative to other vulnerabilities. The latest version, based on a research paper published in arXiv, assists defenders in deciding which vulnerabilities to prioritize for remediation. This study evaluates EPSS's ability to predict exploitation before vulnerabilities are actively compromised, focusing on high severity CVEs that are known to have been exploited and included in the CISA KEV catalog. By analyzing EPSS score history, the availability and simplicity of exploits, the system's purpose, its value as a target for Threat Actors (TAs), this paper examines EPSS's potential and identifies ar
- https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability
- https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078
- https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078
- https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-35078
Published: 2023-07-25
Added to CISA KEV: 2023-07-25
Exploited in the wild