On July 24th, 2023, Ivanti released a security advisory detailing a remote authentication bypass vulnerability (CVE-2023-35078) affecting Ivanti Endpoint Manager Mobile. This vulnerability, with a CVSS score of 10, allows unauthenticated access to specific API paths, which could allow a threat actor to obtain personal identifiable information (PII) such as names, phone numbers, and other mobile device details. It also allows a threat attacker to make configuration changes such as creating an EPMM administrative account on a vulnerable system.
This CVE was discovered and responsibly disclosed to Ivanti by security researchers. Ivanti notes that exploitation has been observed in the wild, and is currently investigating the situation. At this point in time, a proof of concept (PoC) exploit has not been published publicly.
As demonstrated in CISA’s Known Exploited Vulnerabilities Catalog, threat actors have actively exploited Ivanti vulnerabilities in the past. Due to the severity of CVE-2023-35078, its active exploitation in the wild, and the fact that similar vulnerabilities have been weaponized by threat actors, Arctic Wolf strongly recommends upgrading to the latest available patch of Ivanti Endpoint Manager Mobile on all affected devices.
| Product | Vulnerable Versions |
| Ivanti Endpoint Manager Mobile |
All supported versions – Version 11.4 releases: 11.10, 11.9, and 11.8. Older, unsupported versions are also affected. |
Recommendation for CVE-2023-35078: Apply the Latest Patch Released by Ivanti
Arctic Wolf strongly recommends reviewing Ivanti’s security advisory and knowledge base article to access and apply the patch. Customer login is required.
Please follow your organization’s patching and testing guidelines to avoid any operational impact.
