CVE-2023-35078
Published: 25 July 2023
Summary
CVE-2023-35078 is a critical-severity Improper Authentication (CWE-287) vulnerability in Ivanti Endpoint Manager Mobile. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 0.0% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).
Deeper analysis
An authentication bypass vulnerability tracked as CVE-2023-35078 affects Ivanti Endpoint Manager Mobile (EPMM). The flaw, assigned CWE-287, permits remote attackers to reach restricted application functionality or resources without supplying valid credentials, resulting in a CVSS 3.1 base score of 9.8.
Unauthenticated attackers on the network can exploit the issue to obtain unauthorized API access and potentially compromise the confidentiality, integrity, and availability of the mobile-device management platform. No user interaction or elevated privileges are required for successful exploitation.
Ivanti has published security updates that address the vulnerability, and CISA has issued an alert directing organizations to apply the vendor patches promptly. Multiple Ivanti knowledge-base articles provide additional guidance on identifying affected versions and implementing the fixes.
The associated EPSS score has reached a peak of 0.9711 with a current value of 0.9444, indicating sustained exploitation interest following disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-39113
Vulnerability details
An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.
- CWE(s)
- KEV Date Added
- 25 July 2023
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly enforces authentication and access-control decisions before any restricted EPMM functionality or API endpoints can be reached.
Mandates identification and authentication of users prior to granting access, eliminating the unauthenticated entry point exploited by CVE-2023-35078.
Requires prompt application of vendor patches that remediate the authentication-bypass flaw (CWE-287) in Ivanti EPMM.