PatchSiren

PatchSiren cyber security CVE debrief

CVE-2023-35082 Ivanti CVE debrief

CVE-2023-35082 is an authentication bypass vulnerability affecting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core. CISA added it to the Known Exploited Vulnerabilities (KEV) catalog on 2024-01-18 and marked it as known to have been used in ransomware campaigns. For defenders, this is a high-priority exposure: CISA’s required action is to apply vendor mitigations or discontinue use of the product if mitigations are unavailable.

Vendor: Ivanti
Product: Endpoint Manager Mobile (EPMM) and MobileIron Core
CVSS: Unknown
CISA KEV: Listed
Original CVE published: 2024-01-18
Original CVE updated: 2024-01-18
Advisory published: 2024-01-18
Advisory updated: 2024-01-18

Who should care

Organizations running Ivanti Endpoint Manager Mobile (EPMM) or MobileIron Core, especially teams responsible for endpoint management, mobile device management, incident response, and vulnerability remediation. Security leaders should treat this as urgent because it is in CISA’s KEV catalog and associated with known ransomware campaign use.

Technical summary

The supplied source corpus identifies CVE-2023-35082 as an authentication bypass issue in Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core. CISA’s KEV entry references Ivanti’s advisory describing remote unauthenticated API access in MobileIron Core 11.2 and older. The KEV record does not provide CVSS in the supplied data, but it does classify the issue as actively exploited and requires mitigation or discontinuation if mitigations are unavailable.

Defensive priority

Urgent. KEV listing plus known ransomware campaign use make this a top remediation item. Organizations should verify whether any affected Ivanti EPMM or MobileIron Core instances remain exposed and prioritize mitigation immediately.

Recommended defensive actions

  • Inventory all Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core deployments.
  • Review the vendor’s official guidance and apply the prescribed mitigations immediately.
  • If mitigations are unavailable or cannot be validated quickly, discontinue use of the product as CISA recommends.
  • Check for exposure to unauthenticated API access paths referenced by the vendor advisory.
  • Search for signs of compromise and review authentication, API, and admin activity on affected systems.
  • Prioritize incident response and containment if the product is internet-facing or otherwise broadly reachable.
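
The inventory and prioritization steps above can be scripted. The following is an added example, not part of the original debrief or any Ivanti or CISA tooling: it matches a constructed asset inventory against a KEV record built from the values on this page and orders the results for remediation. Host names, versions, and the major.minor reading of "11.2 and older" are assumptions.

```python
import json
from datetime import date

# Constructed KEV record using the values reported on this page.
# Field names follow CISA's KEV JSON feed.
KEV = json.loads("""{"cveID": "CVE-2023-35082", "vendorProject": "Ivanti",
  "product": "Endpoint Manager Mobile (EPMM) and MobileIron Core",
  "dateAdded": "2024-01-18", "dueDate": "2024-02-08",
  "knownRansomwareCampaignUse": "Known"}""")

# Constructed asset inventory (hypothetical hosts and versions).
INVENTORY = [
    {"host": "mdm-02", "product": "MobileIron Core", "version": "10.8.0.0", "internet_facing": False},
    {"host": "web-01", "product": "nginx", "version": "1.24.0", "internet_facing": True},
    {"host": "mdm-03", "product": "Ivanti EPMM", "version": "11.10.0.2", "internet_facing": True},
    {"host": "mdm-01", "product": "MobileIron Core", "version": "11.2.0.0", "internet_facing": True},
]

def parse_version(text):
    """'11.2.0.0' -> (11, 2, 0, 0); non-numeric parts are dropped."""
    return tuple(int(p) for p in text.split(".") if p.isdigit())

def classify(asset):
    """affected: MobileIron Core 11.2 or older (the only range the page gives).
    verify: in-scope product whose version must be checked against Ivanti's advisory."""
    name = asset["product"].lower()
    version = parse_version(asset.get("version", ""))
    if "mobileiron core" in name:
        # Assumption: "11.2 and older" is compared on major.minor only.
        return "affected" if version and version[:2] <= (11, 2) else "verify"
    if "endpoint manager mobile" in name or "epmm" in name:
        return "verify"
    return "not-applicable"

def triage(inventory, kev, today):
    """Return in-scope assets, internet-facing and confirmed-affected first."""
    due = date.fromisoformat(kev["dueDate"])
    rows = [
        {"host": a["host"], "status": classify(a), "internet_facing": a["internet_facing"],
         "overdue": today > due, "ransomware": kev["knownRansomwareCampaignUse"] == "Known"}
        for a in inventory if classify(a) != "not-applicable"
    ]
    rows.sort(key=lambda r: (not r["internet_facing"], r["status"] != "affected", r["host"]))
    return rows

if __name__ == "__main__":
    for row in triage(INVENTORY, KEV, date.today()):
        print(row)
```

Assets marked "verify" are in scope by product name but fall outside the one version range this page states, so their status has to be confirmed against the vendor advisory.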

Evidence notes

Evidence used is limited to the supplied CVE metadata, CISA KEV record, and official resource links. The corpus states: vendor/project Ivanti; product Endpoint Manager Mobile (EPMM) and MobileIron Core; vulnerability name Authentication Bypass Vulnerability; KEV date added 2024-01-18; due date 2024-02-08; known ransomware campaign use: Known; and required action: apply mitigations per vendor instructions or discontinue use if mitigations are unavailable. The supplied notes also reference an Ivanti forum advisory about remote unauthenticated API access in MobileIron Core 11.2 and older.

Official resources

CVE published and modified on 2024-01-18. CISA added the issue to KEV on 2024-01-18 and set a remediation due date of 2024-02-08. The supplied corpus does not include a CVSS score.