One another high severity vulnerability has been disclosed by Ivanti impacting Endpoint Manager Mobile (EPMM), which has been weaponized as part of an exploit chain by malicious actors in the wild.
The vulnerability, tracked as CVE-2023-35081 with a CVSS score: 7.8, impacts supported versions 11.10, 11.9, and 11.8, as well as those that are currently end-of-life.
This vulnerability enables an authenticated administrator to perform arbitrary file writes to the EPMM server. In conjunction with CVE-2023-35078, this also can be used to bypass administrator authentication and ACLs restrictions.
A successful exploit could allow a threat actor to write arbitrary files on the appliance, thereby enabling the malicious party to execute OS commands on the appliance as the tomcat user.
As of now, we are only aware of the same limited number of customers impacted by CVE-2023-35078 as being impacted by CVE-2023-35081.Ivanti Statement