Reference: Advisory #2023-97
Version: 1.0
Affected software:
Ivanti Endpoint Manager Mobile (EPMM): v11.10, v11.9, v11.8
Ivanti MobileIron Core (Unsupported versions) <= v11.7
Type: Unauthenticated API Access Vulnerability
CVE/CVSS: CVE-2023-35082: CVSS 10 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
If exploited, this vulnerability enables an unauthorized, remote actor to perform a multitude of operations as outlined in the official API documents, including the ability to disclose personally identifiable information (PII) and perform modifications to the platform. When this vulnerability is chained with another vulnerability, e.g. CVE-2023-35081, an attacker could deploy a web shell on the targeted server.
This vulnerability impacts ALL vertices of the CIA triad.
This authentication bypass vulnerability was discovered by Rapid7 researchers when investigating CVE-2023-35078, another authentication bypass vulnerability in Ivanti EPMM. (See our advisory of 25/07/2023)
CVE-2023-35082 was first reported as affecting only MobileIron Core version 11.2 and prior, but further investigation revealed that this vulnerability impacts all versions of Ivanti Endpoint Manager Mobile (EPMM) 11.10, 11.9 and 11.8, and MobileIron Core 11.7 and below.
Ivanti provided an RPM script that only addresses CVE-2023-35082 and does not address prior vulnerabilities. Ivanti recommends first moving to a patched, supported release (EPMM v11.8.1.2, v11.9.1.2 & v11.10.0.3) before applying the RPM script. When available, version 11.11 will address all known vulnerabilities.
The Centre for Cybersecurity Belgium strongly recommends that Windows system administrators take the following actions:
Ivanti highly recommends upgrading to a supported version of Ivanti Endpoint Manager Mobile (v11.8.1.2, v11.9.1.2 & v11.10.0.3) before running the RPM script to address CVE-2023-35082.
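A triage helper for the upgrade-then-script order described above, added here as an example; it is not part of the advisory or of Ivanti's tooling. The inventory, hostnames and status labels are constructed assumptions, and because it only reads version strings it cannot tell whether the RPM script has already been applied.

```python
import re

# Patched, supported releases named in the advisory, keyed by release branch.
PATCHED = {(11, 8): (11, 8, 1, 2), (11, 9): (11, 9, 1, 2), (11, 10): (11, 10, 0, 3)}
FIXED_BRANCH = (11, 11)  # advisory: 11.11 will address all known vulnerabilities

# Constructed sample inventory (hypothetical hosts): host -> reported version.
INVENTORY = {
    "mdm-a.example.internal": "11.10.0.3",
    "mdm-b.example.internal": "v11.9.0.1",
    "mdm-c.example.internal": "11.7.0.0",
    "mdm-d.example.internal": "not reported",
}


def parse_version(text):
    """Turn 'v11.9.0.1' or '11.8' into a 4-tuple of ints; None if malformed."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+){1,3})", text.strip())
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def triage(version_text):
    """Return (status, action) for one reported EPMM / MobileIron Core version."""
    v = parse_version(version_text)
    if v is None:
        return ("unknown", "verify the installed version manually")
    branch = v[:2]
    if branch >= FIXED_BRANCH:
        return ("addressed", "none for CVE-2023-35082 per the advisory")
    if branch not in PATCHED:  # 11.7 and below: unsupported MobileIron Core
        return ("affected-unsupported",
                "upgrade to a supported patched release, then apply the RPM script")
    if v < PATCHED[branch]:
        target = ".".join(map(str, PATCHED[branch]))
        return ("affected", f"upgrade to {target}, then apply the RPM script")
    return ("affected", "apply the RPM script")


def report(inventory):
    """Triage every host in a host -> version mapping."""
    return {host: triage(version) for host, version in inventory.items()}


if __name__ == "__main__":
    for host, (status, action) in report(INVENTORY).items():
        print(f"{host}: {status}: {action}")
```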
Some remarks about the script by Ivanti: