
CVE-2023-35078 (Zero Day)

On 24 July 2023 it was disclosed that Ivanti's Mobile Device Management (MDM) solution had a zero-day vulnerability, which attackers exploited to obtain data from government organizations.

The first attack was confirmed by the Norwegian government, which stated that its MDM solution (an Ivanti product) had a zero-day vulnerability affecting 12 ministries in the country.

The flaw was introduced when the MDM solution integrated Azure AD code so that the product could join an Azure AD domain; this integration exposed an API path that grants unauthenticated access to the MDM solution's API as an admin user.

Technical Details of CVE-2023-35078

Because the bug lies in a specific endpoint, exploitation consists of finding the endpoint that does not ask for credentials and then changing the URI path of a legitimate request to that vulnerable path.

Example:

Normal request: https://example.server/api/v2/

Attacker request: https://example.server/vulnerable path/api/v2/admin/user – To list all users

Attacker request: https://example.server/vulnerable path/api/v2/devices – To list all devices

Attacker request: https://example.server/vulnerable path/api/v2/ldap_entites – To search Active Directory inside the organization

You can determine whether your MDM solution has been exploited by analyzing your logs; if you find abnormal requests like the ones above, update to a non-vulnerable version.
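As an added example (not code from the original post), the following Python scanner applies the log-analysis advice above: it parses constructed access-log lines and flags any request that reaches /api/v2/ through an extra leading path segment, which is the pattern of the attacker requests shown. The real bypass segment is not named here, so the sample uses the placeholder /VULNERABLE-PATH.

```python
import re
from urllib.parse import urlsplit

# Constructed access-log lines in Apache/nginx combined format (not real EPMM logs).
# "/VULNERABLE-PATH" is a placeholder for the bypass segment, which this page does not name.
SAMPLE_LOG = """\
203.0.113.7 - admin [24/Jul/2023:10:01:12 +0000] "GET /api/v2/devices?adminDeviceSpaceId=1 HTTP/1.1" 200 5120
203.0.113.7 - - [24/Jul/2023:10:02:30 +0000] "GET /api/v2/admin/user HTTP/1.1" 401 120
198.51.100.23 - - [24/Jul/2023:10:03:05 +0000] "GET /VULNERABLE-PATH/api/v2/admin/user HTTP/1.1" 200 9870
198.51.100.23 - - [24/Jul/2023:10:03:09 +0000] "GET /VULNERABLE-PATH/api/v2/devices HTTP/1.1" 200 44120
198.51.100.23 - - [24/Jul/2023:10:03:15 +0000] "GET /VULNERABLE-PATH/api/v2/ldap_entites?query=* HTTP/1.1" 200 31000
192.0.2.9 - - [24/Jul/2023:10:05:00 +0000] "GET /mifs/login.jsp HTTP/1.1" 200 2300
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

API_MARKER = "/api/v2/"


def is_bypass_request(target):
    """True if /api/v2/ is reached through an extra leading path segment.

    Legitimate API calls start with /api/v2/ directly after the host; a request
    that inserts any other segment in front of it matches the write-up's pattern.
    """
    path = urlsplit(target).path
    return path.find(API_MARKER) > 0


def find_suspicious(log_text):
    """Return one record per log line that matches the bypass pattern."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_bypass_request(m.group("target")):
            continue
        path = urlsplit(m.group("target")).path
        resource = path[path.find(API_MARKER) + len(API_MARKER):]
        hits.append({
            "ip": m.group("ip"),
            "resource": resource,                    # e.g. admin/user, devices
            "status": int(m.group("status")),
            "authenticated": m.group("user") != "-",  # no user logged = no credentials
        })
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 and no authenticated user against admin/user, devices or the LDAP search resource is the signature to escalate on; pivot on the source IP to scope the rest of the session.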

Note: the vulnerable endpoint can be identified using Ivanti's publicly available API documentation – https://help.ivanti.com/mi/help/en_us/CORE/10.8.0.0/api2/Content/APIv2/APIv2Title.htm

How to find your systems that need patching

You can search Shodan for your own assets with the query: path =/mifs SSL:.example.com

Affected Versions

A vulnerability has been discovered in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core. This vulnerability impacts all supported versions – Version 11.4 releases 11.10, 11.9, and 11.8. Older versions/releases are also at risk.

If exploited, this vulnerability enables an unauthorized, remote (internet-facing) actor to potentially access users’ personally identifiable information and make limited changes to the server.

We have received information from a credible source indicating exploitation has occurred. We continue to work with our customers and partners to investigate this situation.

Sanadhya Kaushik
