Ivanti Endpoint Manager Mobile (EPMM) Remote Arbitrary File Write Vulnerability (CVE-2023-35081)

Ivanti EPMM, formerly MobileIron Core, is facing another zero-day vulnerability CVE-2023-35081. Successful exploitation of the vulnerability will allow an authenticated administrator to perform arbitrary file writes to the EPMM server.

Arbitrary file write (AFW) is a type of vulnerability that can allow attackers to escalate their privileges and even achieve remote code execution (RCE) on the server.

The vulnerability can be combined with CVE-2023-35078 for bypassing administrator authentication and ACL restrictions (if applicable).

CISA has added a publicly exploited CVE-2023-35081 to its Known Exploited Vulnerabilities Catalog urging users to apply the patch before August 21.

Ivanti has mentioned in the advisory that “the same limited number of customers impacted by CVE-2023-35078 as being impacted by CVE-2023-35081.” The vendor has not shared any exploit details with the public.

Ivanti Endpoint Manager Mobile (EPMM) manages and secures mobile devices. The tool simplifies inventory, configuration, and management of mobile devices. In addition, it helps in creating profiles and enforcing restrictions and security policies.

Vulnerability Details

CVE-2023-35081 is a path traversal vulnerability that an authenticated attacker may use to write malicious files to the appliance. The vulnerability ultimately allows a malicious attacker to execute OS commands on the appliance as the tomcat user.

Affected versions

This vulnerability impacts Ivanti EPMM versions 11.10, 11.9 and 11.8. Older versions or releases are also at risk.

Mitigation

Customers must upgrade to the following versions to patch the vulnerability:

  • 11.8.1.2
  • 11.9.1.2
  • 11.10.0.3

Please refer to the Knowledge Base article for more information.

Qualys Detection

Qualys customers can scan their devices with QID 730859 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US
https://forums.ivanti.com/s/article/KB-Arbitrary-File-Write-CVE-2023-35081?language=en_US

Leave a Reply

Your email address will not be published. Required fields are marked *