CVE-2023-35078: Remote Authentication Bypass Vulnerability in Ivanti Endpoint Manager Mobile

Share :

On July 24th, 2023, Ivanti released a security advisory detailing a remote authentication bypass vulnerability (CVE-2023-35078) affecting Ivanti Endpoint Manager Mobile. This vulnerability, with a CVSS score of 10, allows unauthenticated access to specific API paths, which could allow a threat actor to obtain personal identifiable information (PII) such as names, phone numbers, and other mobile device details. It also allows a threat attacker to make configuration changes such as creating an EPMM administrative account on a vulnerable system. 

This CVE was discovered and responsibly disclosed to Ivanti by security researchers. Ivanti notes that exploitation has been observed in the wild, and is currently investigating the situation. At this point in time, a proof of concept (PoC) exploit has not been published publicly. 

As demonstrated in CISA’s Known Exploited Vulnerabilities Catalog, threat actors have actively exploited Ivanti vulnerabilities in the past. Due to the severity of CVE-2023-35078, its active exploitation in the wild, and the fact that similar vulnerabilities have been weaponized by threat actors, Arctic Wolf strongly recommends upgrading to the latest available patch of Ivanti Endpoint Manager Mobile on all affected devices. 

Product  Vulnerable Versions 
Ivanti Endpoint Manager Mobile 

All supported versions – Version 11.4 releases: 11.10, 11.9, and 11.8. 

Older, unsupported versions are also affected. 


Recommendation for CVE-2023-35078: Apply the Latest Patch Released by Ivanti 

Arctic Wolf strongly recommends reviewing Ivanti’s security advisory and knowledge base article to access and apply the patch. Customer login is required. 

Please follow your organization’s patching and testing guidelines to avoid any operational impact.  


Picture of James Liolios

James Liolios

James Liolios is a Senior Threat Intelligence Researcher at Arctic Wolf, where he keeps a watchful eye on the latest threats and threat actors to understand the potential impact to Arctic Wolf customers. He has a background of 9 years' experience in many areas of cybersecurity, holds a bachelor's degree in Information Security, and is also CISSP certified.
Share :
Table of Contents
Subscribe to our Monthly Newsletter