CVE-2023-35078

Basic Information

CVE State: PUBLISHED
Reserved Date: June 13, 2023
Published Date: July 25, 2023
Last Updated: August 02, 2024
Vendor: Ivanti
Product: Endpoint Manager Mobile
Description: An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.

CVSS Scores

CVSS v3.0

10.0 - CRITICAL

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2023-07-25 00:00:00 UTC)
Proof of Concept Available: Yes (added 2024-03-29 14:15:49 UTC)
Used in Malware: Yes (added 2023-07-25 00:00:00 UTC)

Known Exploited Vulnerability Information

Source: CISA
Added Date: 2023-07-25 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

0nsec/CVE-2023-35078

Type: github • Created: 2024-03-29 14:15:49 UTC • Stars: 1

CVE-2023-35078 Remote Unauthenticated API Access vulnerability has been discovered in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core.

raytheon0x21/CVE-2023-35078

Type: github • Created: 2023-07-31 02:24:24 UTC • Stars: 5

Tools to scan & exploit CVE-2023-35078

lager1/CVE-2023-35078

Type: github • Created: 2023-07-29 19:58:33 UTC • Stars: 5

Proof of concept script to check if the site is vulnerable to CVE-2023-35078

vchan-in/CVE-2023-35078-Exploit-POC

Type: github • Created: 2023-07-29 05:06:27 UTC • Stars: 117

CVE-2023-35078 Remote Unauthenticated API Access Vulnerability Exploit POC