Ivanti EPMM CVE-2023-39335/39337
At Ivanti, our top priority is upholding our commitment to deliver and maintain secure products. We continue to invest significant resources to ensure that all our solutions continue to meet our own high standards. In the best interests of our customers, we are always investigating, assessing, monitoring, and validating the security posture of our solutions. We collaborate with the broader security ecosystem to share intelligence and appreciate when we are made aware of issues via responsible disclosure from reputable sources.
As part of our ongoing strengthening of the security of our products we have discovered two new vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core. We are reporting these vulnerabilities as CVE-2023-39335 and CVE-2023-39337.
These vulnerabilities impact all supported versions of the products – EPMM Versions 11.10, 11.9 and 11.8. Older versions/releases are also at risk. Customers that do not have Sentry have limited exposure to these vulnerabilities. These vulnerabilities do not affect other Ivanti products or solutions, including Ivanti Neurons for MDM (MobileIron Cloud) and are not related to CVE-2023-35078, CVE-2023-35081, CVE-2023-350782 reported in July and August.
By taking advantage of a physically stolen device insider threats who already have a valid user certificate, or systems that have open enrollment, a threat actor can impersonate an authenticated user to:
- Obtain a valid certificate for another EPMM user. (39337)
- Enroll a device for another EPMM user (39335).
The vulnerabilities can be chained to allow an unauthenticated user to access resources behind Sentry. Because of the prerequisite information required for exploitation, the attacker would have to be highly sophisticated to perform the attack chain.
Upon learning of the vulnerabilities, we immediately mobilized resources to fix the problem and have fixes available now for all impacted versions. More detailed information is available in these Security Advisories.
Our Support team is always available to help customers. Cases can be logged via the Success portal (login credentials required).
Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.