#mobileiron


@simontsui @dangoodin @reverseics @kln @serghei

*edit: EPM != EPMM, I got confused

A lot of them are internet facing. The vendor's wording is wrong. There are ~5900 EPMM instances on Shodan, and only ~1000 of them are up to the latest version (11.11).

The older versions of EPMM (up to and including 11.10) are also vulnerable to a bunch more actively exploited vulns upguard.com/blog/ivanti-epmm-m, including 3 auth bypasses and 1 arbitrary file write to system once you've bypassed auth. Multiple of these are in CISA KEV, and they are used for ransomware.

Due to the nature of this new SQLi vuln (CVE-2023-39336) allowing unauthenticated querying of MSSQL, it would most likely lead to RCE with things like xp_cmdshell.

#ivanti #mobileiron is a complete dumpster fire, I recommend throwing it out the window with full force.

#CyberVeille #suisse #MobileIron #Ivanti

"Hackers seize the data of 2,800 Bernese police officers"

"A security flaw in an application used by the Bern police led to a major data leak. Hackers were able to obtain the identities and phone numbers of all 2,800 employees of the cantonal police."

"The National Cyber Security Centre (NCSC) informed the Bern police on July 21 of the security flaw in the "MobileIron" application. The problem was quickly resolved, but the information had already leaked."

👇
rts.ch/info/regions/berne/1424

Vulnerabilities:

Multiple Vulnerabilities Including Zero-Day Remote Unauthenticated API Access – CVE-2023-35078 – in Ivanti Endpoint Manager Mobile

⬇️
"On July 24, 2023, Ivanti Endpoint Manager Mobile (EPMM), previously known as MobileIron Core, publicly disclosed details about an unauthenticated API access zero-day vulnerability. CVE-2023-35078 affects versions 11.10, 11.9 and 11.8, but older versions are also at risk of possible exploitation."

"Our research shows that a total of 85 countries hosted the 5,500 Ivanti Endpoint Manager Mobile servers on the internet. A dozen or so countries had a single server present at the time of our scan, but many countries had dozens each, if not hundreds. Germany and the United States both had over 1,000 servers.
Source: Unit42"

👇
unit42.paloaltonetworks.com/th

Continued thread

The zero day saga continues.

The vendor note to customers says the flaw allows the attacker to "make limited changes to the server".

CISA have released a statement saying "An attacker can also make other configuration changes, including creating an EPMM administrative account that can make further changes to a vulnerable system"

cisa.gov/news-events/alerts/20

Continued thread

The advisory is now public. Cyberbullying vendors into doing the right thing is my community service.

CVSS 10. “Remote unauthenticated API access”.

This one is completely nuts btw, I set up a honeypot and it’s already being probed via the API - which allows admin access and is completely unauthenticated, apparently nobody ever pentested one of the most widely used MDM solutions.

forums.ivanti.com/s/article/CV

Continued thread

⚠️ Regarding the vulnerability ⚠️

Patches are out for 11.8.1.1, 11.9.1.1 and 11.10.0.2. It also applies to unsupported and EOL versions.

It's a serious zero day vulnerability which is very easy to exploit, where Ivanti are trying to hide it for some reason - this will get mass internet swept. I'd strongly recommend upgrading, and if you can’t get off EOL, switch off the appliance.