Ivanti has confirmed that its end-of-life MobileIron Core versions 11.2 and older are being impacted by a new critical authentication bypass vulnerability, which could be leveraged to compromise mobile device users' personally identifiable information and enable webshell deployment in impacted servers, reports BleepingComputer.
No fixes are being planned for the vulnerability, tracked as CVE-2023-35082, according to Ivanti, which said that remediations are available in newest Endpoint Manager Mobile version.
"This vulnerability does not affect any version of Ivanti Endpoint Manager or MobileIron Core 11.3 and above, or Ivanti Neurons for MDM. Our Support team is always available to help customers to upgrade," said Ivanti.
Ivanti's disclosure of the new security bug comes after a warning from the Cybersecurity and Infrastructure Security Agency regarding the exploitation of two other Ivanti EPMM bugs, tracked as CVE-2023-35078 and CVE-2023-35081, in attacks since April, with the former having been used to compromised various government entities in Norway.
Endpoint/Device Security, Vulnerability Management
New Ivanti MobileIron Core vulnerability detailed
Share
Related Terms
Anti-MalwareAntivirus SoftwareBuffer OverflowBugDisassemblyEndpoint SecurityEphemeral PortFirmwareKeyloggerRegistryGet daily email updates
SC Media's daily must-read of the most current and pressing daily news