Ivanti Endpoint Manager Mobile Remote Unauthenticated API Access (CVE-2023-35082)

critical Nessus Plugin ID 179335

Synopsis

Ivanti Endpoint Manager Mobile, formerly MobileIron Core, running on the remote host is affected by a remote unauthenticated api access vulnerability.

Description

The version of Ivanti Endpoint Manager Mobile, formerly MobileIron Core, running on the remote host is affected by an undisclosed unauthenticated API access vulnerability.

Solution

Update to Ivanti Endpoint Manager Mobile version 11.3 or later

See Also

http://www.nessus.org/u?7e7f6a39

http://www.nessus.org/u?0a63691a

Plugin Details

Severity: Critical

ID: 179335

File Name: ivanti_endpoint_manager_mobile_CVE-2023-35082.nbin

Version: 1.37

Type: remote

Family: Misc.

Published: 8/3/2023

Updated: 11/22/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-35082

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ivanti:mobileiron, cpe:/a:mobileiron:core

Required KB Items: installed_sw/MobileIron Core

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/24/2023

Vulnerability Publication Date: 7/24/2023

CISA Known Exploited Vulnerability Due Dates: 2/8/2024

Reference Information

CVE: CVE-2023-35082

IAVA: 2023-A-0392