High Threat Security Alert (A23-07-23): Vulnerability in Ivanti Endpoint Manager Mobile (MobileIron Core)
31 July 2023
Ivanti has published a security advisory to address a vulnerability in Ivanti Endpoint Manager Mobile. The vulnerability could enable an authenticated administrator to write arbitrary files on the affected system that allow the attacker to execute OS commands as the tomcat user. Detailed information about the vulnerability can be found at: https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write
Reports indicate that a critical remote arbitrary file write vulnerability (CVE-2023-35081) in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core, is being exploited in the wild. As it may be exploited in conjunction with another critical authentication bypass vulnerability (CVE-2023-35078) mentioned in our previous high threat security alert (A23-07-22) as part of an exploit chain to bypass administrator authentication and access control list (ACL) restrictions, system administrators are advised to take immediate actions to patch your affected systems to mitigate the elevated risk of cyber attacks.
Ivanti Endpoint Manager Mobile (MobileIron Core) prior to version 18.104.22.168, 22.214.171.124 and 126.96.36.199
Please note that older unsupported and End-Of-Life (EOL) versions are also vulnerable with no security updates provided. System administrators should arrange to upgrade the unsupported and EOL versions to supported versions or migrate to other supported technology.
Successful exploitation of the vulnerability could lead to arbitrary code execution or tampering on an affected system.
Patches for affected products are available. System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.