{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2023-055.pdf"
    },
    "title": "High Vulnerability in Endpoint Manager Mobile (MobileIron Core)",
    "serial_number": "2023-055",
    "publish_date": "18-09-2023 11:49:27",
    "description": "On July 28, 2023, US-based IT software company Ivanti disclosed a Remote File Write vulnerability in its Endpoint Manager Mobile (EPMM) software, previously known as MobileIron Core.<br>\nThe vulnerability tracked as CVE-2023-35081 with as CVSS score of 7.2 out of 10, is actively exploited and allows an attacker to create, modify, or delete files on a victim's system remotely. Ivanti has released security patches addressing this vulnerability.<br>\n",
    "url_title": "2023-055",
    "content_markdown": "---\ntitle: 'High Vulnerability in Endpoint Manager Mobile (MobileIron Core)'\nversion: '1.0'\nnumber: '2023-055'\noriginal_date: 'July 28, 2023'\ndate: 'July 31, 2023'\n---\n\n_History:_\n\n* _31/07/2023 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn July 28, 2023, US-based IT software company Ivanti disclosed a Remote File Write vulnerability in its Endpoint Manager Mobile (EPMM) software, previously known as MobileIron Core [1].\n\nThe vulnerability tracked as **CVE-2023-35081** with as CVSS score of 7.2 out of 10, is **actively exploited** and allows an attacker to create, modify, or delete files on a victim's system remotely [1]. Ivanti has released security patches [2] addressing this vulnerability.\n\n# Technical Details\n\n**CVE-2023-35081** enables an authenticated administrator to perform arbitrary file writes to the EPMM server. This vulnerability can be used in conjunction with **CVE-2023-35078** [3], bypassing administrator authentication and ACLs restrictions (if applicable).\n\nSuccessful exploitation can be used to write malicious files to the appliance, ultimately allowing a malicious actor to execute OS commands on the appliance as the tomcat user.\n\n# Affected Products\n\nIvanti reports the vulnerability impacts all supported versions of Ivanti Endpoint Manager Mobile (EPMM) \u2013 Version 11.4 releases 11.10, 11.9 and 11.8.\n\nNote that **older versions/releases are also at risk**.\n\n# Recommendations\n\nCERT-EU strongly recommends reviewing Ivanti's security advisory [2] and upgrading affected systems to avoid potential exploitation of this vulnerability.\n\n# References\n\n[1] <https://www.mnemonic.io/resources/blog/threat-advisory-remote-file-write-vulnerability-in-ivanti-epmm/>\n\n[2] <https://forums.ivanti.com/s/article/KB-Arbitrary-File-Write-CVE-2023-35081?language=en_US>\n\n[3] <https://www.cert.europa.eu/static/security-advisories/CERT-EU-SA2023-053.pdf>",
    "content_html": "<p><em>History:</em></p><ul><li><em>31/07/2023 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On July 28, 2023, US-based IT software company Ivanti disclosed a Remote File Write vulnerability in its Endpoint Manager Mobile (EPMM) software, previously known as MobileIron Core [1].</p><p>The vulnerability tracked as <strong>CVE-2023-35081</strong> with as CVSS score of 7.2 out of 10, is <strong>actively exploited</strong> and allows an attacker to create, modify, or delete files on a victim's system remotely [1]. Ivanti has released security patches [2] addressing this vulnerability.</p><h2 id=\"technical-details\">Technical Details</h2><p><strong>CVE-2023-35081</strong> enables an authenticated administrator to perform arbitrary file writes to the EPMM server. This vulnerability can be used in conjunction with <strong>CVE-2023-35078</strong> [3], bypassing administrator authentication and ACLs restrictions (if applicable).</p><p>Successful exploitation can be used to write malicious files to the appliance, ultimately allowing a malicious actor to execute OS commands on the appliance as the tomcat user.</p><h2 id=\"affected-products\">Affected Products</h2><p>Ivanti reports the vulnerability impacts all supported versions of Ivanti Endpoint Manager Mobile (EPMM) \u2013 Version 11.4 releases 11.10, 11.9 and 11.8.</p><p>Note that <strong>older versions/releases are also at risk</strong>.</p><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU strongly recommends reviewing Ivanti's security advisory [2] and upgrading affected systems to avoid potential exploitation of this vulnerability.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.mnemonic.io/resources/blog/threat-advisory-remote-file-write-vulnerability-in-ivanti-epmm/\">https://www.mnemonic.io/resources/blog/threat-advisory-remote-file-write-vulnerability-in-ivanti-epmm/</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://forums.ivanti.com/s/article/KB-Arbitrary-File-Write-CVE-2023-35081?language=en_US\">https://forums.ivanti.com/s/article/KB-Arbitrary-File-Write-CVE-2023-35081?language=en_US</a></p><p>[3] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.cert.europa.eu/static/security-advisories/CERT-EU-SA2023-053.pdf\">https://www.cert.europa.eu/static/security-advisories/CERT-EU-SA2023-053.pdf</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}