CVE-2023-35078CISA KEV: Actively Exploited

Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability

Published Jul 25, 2023·Updated Jul 25, 2023

Description

Ivanti Endpoint Manager Mobile (EPMM, previously branded MobileIron Core) contains an authentication bypass vulnerability that allows unauthenticated access to specific API paths. An attacker with access to these API paths can access personally identifiable information (PII) such as names, phone numbers, and other mobile device details for users on a vulnerable system. An attacker can also make other configuration changes including installing software and modifying security profiles on registered devices.

Public Exploits & PoCs9 found

PoC: CVE-2023-35078-Poc-Exploit

This tool is built in golang language to exploit CVE-2023-35078 vulnerability inspired by similar tool in python language https://github.com/vchan-in/CVE-2023-35078-Exploit-POC

1

PoC: CVE-2023-35078

CVE-2023-35078 - Ivanti MobileIron Core Remote Unauthenticated API Access Exploit tool

PoC: CVE-2023-35078

CVE-2023-35078 Remote Unauthenticated API Access vulnerability has been discovered in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core.

PoC: CVE-2023-35078

Ivanti Endpoint Manager Mobile (EPMM) POC

PoC: CVE-2023-35078

Ivanti Endpoint Manager Mobile exploit

PoC: nmap-CVE-2023-35078-Exploit

Nmap script to exploit CVE-2023-35078 - Mobile Iron Core

PoC: CVE-2023-35078

Easy and non-intrusive script to check for CVE-2023-35078

PoC: CVE-2023-35078

Proof of concept script to check if the site is vulnerable to CVE-2023-35078

PoC: CVE-2023-35078-Exploit-POC

CVE-2023-35078 Remote Unauthenticated API Access Vulnerability Exploit POC

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free