October 3, 2023

Ivanti disclosed yet another new critical vulnerability in its MobileIron Core mobile device management software.

Tracked as CVE-2023-35082, the flaw is a remote unauthenticated API access vulnerability affecting MobileIron Core version 11.2 and older.

Successful exploitation allows attackers to access personally identifiable information of mobile device users and backdoor compromised servers by deploying web shells when chaining the bug with other flaws.

Ivanti said since MobileIron Core 11.2 has been out of support since March 15, 2022 would not issue security patches to fix this flaw because it has already been addressed in newer versions of the product, rebranded to Endpoint Manager Mobile (EPMM).

This vulnerability does not affect any version of Ivanti Endpoint Manager or MobileIron Core 11.3 and above, or Ivanti Neurons for MDM.

More than 2,200 MobileIron user portals are currently exposed online, as per the shodan search, including devices connected to the U.S. local and state government agencies.

More information can be found in the link of Rapid7 blog who discovered the flaw.

Tags:

Leave a Reply

You may have missed

Industrial Control Systems and Vulnerability Management Process

October 2, 2023

McLaren Healthcare suffers a Ransomware Incident

October 2, 2023

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – September, 2023

October 2, 2023

TheCyberThrone Security Week In Review – September 30, 2023

October 1, 2023

Mozilla fixes CVE-2023-5217 Vulnerability in its Products

September 30, 2023

CISA KEV Update Part III – September 2023

September 30, 2023
%d bloggers like this: