---
licence_title: Creative Commons Attribution 4.0 International (CC-BY 4.0)
licence_link: https://creativecommons.org/licenses/by/4.0/
licence_restrictions: https://cert.europa.eu/legal-notice
licence_author: CERT-EU, The Cybersecurity Service for the European Union institutions, bodies, offices and agencies
title: 'High Vulnerability in Endpoint Manager Mobile (MobileIron Core)'
version: '1.0'
number: '2023-055'
original_date: 'July 28, 2023'
date: 'July 31, 2023'
---
_History:_
* _31/07/2023 --- v1.0 -- Initial publication_
# Summary
On July 28, 2023, US-based IT software company Ivanti disclosed a Remote File Write vulnerability in its Endpoint Manager Mobile (EPMM) software, previously known as MobileIron Core [1].
The vulnerability tracked as **CVE-2023-35081** with as CVSS score of 7.2 out of 10, is **actively exploited** and allows an attacker to create, modify, or delete files on a victim's system remotely [1]. Ivanti has released security patches [2] addressing this vulnerability.
# Technical Details
**CVE-2023-35081** enables an authenticated administrator to perform arbitrary file writes to the EPMM server. This vulnerability can be used in conjunction with **CVE-2023-35078** [3], bypassing administrator authentication and ACLs restrictions (if applicable).
Successful exploitation can be used to write malicious files to the appliance, ultimately allowing a malicious actor to execute OS commands on the appliance as the tomcat user.
# Affected Products
Ivanti reports the vulnerability impacts all supported versions of Ivanti Endpoint Manager Mobile (EPMM) – Version 11.4 releases 11.10, 11.9 and 11.8.
Note that **older versions/releases are also at risk**.
# Recommendations
CERT-EU strongly recommends reviewing Ivanti's security advisory [2] and upgrading affected systems to avoid potential exploitation of this vulnerability.
# References
[1]
[2]
[3]