One Man’s Trash is Another Man’s “Breach”: Ivanti EPMM vulnerability Exploited
* Recently, cybersecurity researchers discovered a hack for a vulnerability in older versions of Ivanti Endpoint Manager Mobile (EPMM).
* Ivanti has urged all users to update to the latest version of the software.
* This vulnerability is known as CVE-2023-35082 (CVSS score: 10.0) and was unearthed by Rapid7.
* The issue allows unauthorized individuals to access EPMM’s API.
EPMM’s Dirty Little Secret
It seems we have a defcon 1 situation in our hands, folks! Cybersecurity researchers have been quick on their feet and have discovered a bypass in some older versions of Ivanti Endpoint Manager Mobile (EPMM). I guess old stuff really does come back to haunt you – and not in the cool way like your retro video games! The bypass works around a recently fixed vulnerability, which had been getting more attention than a cat video at an office party.
Cut the Cord, Update Your Software!
Ivanti’s reaction to this was what you’d expect from any tech company caught with its pants down. Quick, swift, and with a straight face, they urged all users to update to the latest version of software. Well, people, you heard the man, hit that update button faster than when you swipe left on a bad Tinder profile!
CVE-2023-35082: More Than Just a Number
This ghost from the past is officially known in the halls of cybersecurity fame as CVE-2023-35082, decidedly less catchy than the Flinstones’ running gag, “Yabba Dabba Doo!”. Tracked by the wise folks at Rapid7, this issue has a CVSS score of a perfect 10.0 – not the kind you’d want to bring home to meet your parents. No, this score indicates maximum criticality!
A Skeleton Key to EPMM’s Home
In the tech world, there’s nothing worse than unauthorized access – kind of like when your pesky little brother breaks into your secret stash of cookies. This discovered dishonorable loophole allows any unauthenticated attackers to access the API in older, unsupported versions of Ivanti EPMM.
In this digital age, keeping an eye on vulnerabilities in old software versions is as vital as not forgetting your wife’s birthday. Recently, a bypassing method for a vulnerability in outdated versions of Ivanti Endpoint Manager Mobile was uncovered. Ivanti has hurriedly called for all users to update their software, in the same manner you’d quickly try to save your behind when you’ve burned the roast dinner. As this situation shows, reminding your tech buddies to constantly update their software is no joke; you could be saving them from a hairy breach situation. Or, you know, the equivalent of your little brother pillaging your cookie jar…
Original Article: https://thehackernews.com/2023/08/researchers-discover-bypass-for.html