.. / CVE-2023-35082

Exploit for MobileIron Core - Remote Unauthenticated API Access (CVE-2023-35082)

Description:

Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, Since CVE-2023-35082 arises from the same place as CVE-2023-35078, specifically the permissive nature of certain entries in the mifs web application’s security filter chain.

Nuclei Template

View the template here CVE-2023-35082.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-35082.yaml
Copy

References:

https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older?language=en_US
https://github.com/Chocapikk/CVE-2023-35082
https://github.com/Ostorlab/KEV
https://nvd.nist.gov/vuln/detail/CVE-2023-35082
https://www.rapid7.com/blog/post/2023/08/02/cve-2023-35082-mobileiron-core-unauthenticated-api-access-vulnerability/