AdvisoryAdvisoriesCISAAA23-213A

August 1, 2023

Ivanti EPMM Vulnerabilities

August 1, 2023

What we know so far

The joint Cybersecurity Advisory (CSA) by CISA and NCSC-NO addresses the active exploitation of CVE-2023-35078 and CVE-2023-35081, emphasizing the threat posed by Advanced Persistent Threat (APT) actors. Ivanti has released patches for both vulnerabilities, but it was observed that the threats could be chained together for even more significant impact. The vulnerabilities affect Ivanti Endpoint Manager Mobile (EPMM), allowing unauthorized access to personally identifiable information and granting the ability to make configuration changes on compromised systems. As Mobile Device Management (MDM) systems are attractive targets for APT actors, CISA and NCSC-NO express concern about potential widespread exploitation in government and private sector networks. 

Arrow Right

Schedule a test

Our insights

Protect your endpoints

Subscribe to alerts

August 1, 2023

Insights by Prelude

Ivanti Endpoint Manager Mobile (EPMM) comes with a mobile device management server that is vulnerable to both a critical authentication bypass and a directory traversal vulnerability (seen chained together in the advisory). These security bugs are exposed through the API on the system. Several protected routes on the API can be prefaced with “/mifs/aad” to bypass authentication and remotely download PII from the server. For example, the route “/mifs/aad/api/v2/authorized/users” can be used to view users and administrators on the EPMM device. Endpoint defenses, such as EDR, should detect this technique and prevent the requests from completing normally.

See if you are protected against this advisory

Arrow Right

Schedule a test with Prelude

Subscribe to advisory alerts

Be immediately notified of new advisories and associated security tests

More advisories

AdvisoryAdvisoryCISAAA24-207A

July 25, 2024

North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs

AdvisoryAdvisoryCISAAA24-193A

July 11, 2024

CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth

AdvisoryAdvisoryCISAAA24-190A

July 9, 2024

People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action

See all advisories

Arrow Right
Solutions
For Detection & Response TeamsFor CISOs
Platform
DetectCrowdStrike
Company
AboutCareersBlogAdvisoriesResourcesCommunityPress
Book a Demo

©2024 Prelude Research, Inc. All rights reserved.
Prelude, its logo and other trademarks are trademarks of Prelude Research, Inc. and may not be used without permission.

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
DenyAccept

Cookies

Happening Soon: CTI to Assurance: Automating Proactive Threat Management With Prelude Detect
Save Your Seat
Arrow Right