CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Feb 8, 2024
High
CISA KEVRansomwareCVE-2023-35082
Ivanti—Endpoint Manager Mobile (EPMM) and MobileIron Core
Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resources of the application.
Required Action
https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older; https://nvd.nist.gov/vuln/detail/CVE-2023-35082
Vulnerability Overview
- Severity
- High
- CISA KEV
- Yes
- Ransomware
- Known
- Published
- Jan 18, 2024
- KEV Added
- Jan 18, 2024
- Due Date
- Feb 8, 2024
- Related Articles
- 0
Vendor
Ivanti
Endpoint Manager Mobile (EPMM) and MobileIron Core