SUBJECT: Urgent Mitigation Required: CVE-2023-35082 - Unauthenticated API Access in Ivanti EPMM
TECH STACK: Ivanti Endpoint Manager Mobile (EPMM) 11.10 and earlier
DATE(S) ISSUED: 08/15/2023
NVD Last Modified: 01/18/2024
CRITICALITY: CRITICAL (CVSSv3 score: 9.8)
OVERVIEW:
An authentication bypass vulnerability in Ivanti EPMM 11.10 and earlier versions allows unauthorized users to access restricted functionality or resources without proper authentication. This vulnerability puts your entire mobile device management system at risk.
SOLUTION/MITIGATION:
- Upgrade to the latest version of Ivanti EPMM: This is the strongly recommended and most effective solution. Ivanti has released patches for all supported versions (later than 11.10) that address this vulnerability. Download and install the latest patch immediately.
- If upgrading is not immediately possible: Implement the following temporary mitigations:
- Restrict network access: Block all inbound traffic to the EPMM server except for essential ports (443 for HTTPS, 9997 for Ivanti notifications, and 8883 for Mobile Threat Defense, if used). However, be aware that this mitigation may impact some functionalities.
- Disable unused APIs: If possible, disable any APIs that you are not actively using. This will reduce the attack surface.
Additional mitigation steps:
- Enable multi-factor authentication (MFA): This adds an extra layer of security by requiring a second factor for authentication, even if attackers exploit the vulnerability.
- Monitor logs for suspicious activity: Regularly monitor your EPMM logs for any signs of unauthorized access attempts.
- Keep software updated: Always keep your EPMM software and other related systems updated with the latest patches to address any newly discovered vulnerabilities.
Confirmation & Additional Information:
- Verify that you have applied the appropriate mitigation steps by checking your EPMM version and network configuration.
- For detailed instructions on applying the patch or implementing the temporary mitigations, refer to the official Ivanti advisory.
- For further information about this vulnerability, refer to the National Vulnerability Database (NVD) entry
REFERENCES:
