Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-35078 PoC — Ivanti Endpoint Manager Mobile 授权问题漏洞

Source
https://github.com/0nsec/CVE-2023-35078
Associated Vulnerability
Title:Ivanti Endpoint Manager Mobile 授权问题漏洞 (CVE-2023-35078)
Description:Ivanti Endpoint Manager Mobile(Ivanti EPMM)是美国Ivanti公司的一个移动管理软件引擎。 Ivanti Endpoint Manager Mobile 11.10及之前版本存在授权问题漏洞,该漏洞源于存在身份验证绕过,允许远程攻击者获取PII、添加管理帐户并更改配置。
Description
CVE-2023-35078 Remote Unauthenticated API Access vulnerability has been discovered in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core.
Readme
# CVE-2023-35078 Exploit POC

```sh
██████╗ ███╗   ██╗███████╗███████╗ ██████╗
██╔═████╗████╗  ██║██╔════╝██╔════╝██╔════╝
██║██╔██║██╔██╗ ██║███████╗█████╗  ██║     
████╔╝██║██║╚██╗██║╚════██║██╔══╝  ██║     
╚██████╔╝██║ ╚████║███████║███████╗╚██████╗
 ╚═════╝ ╚═╝  ╚═══╝╚══════╝╚══════╝ ╚═════╝
```
CVE-2023-35078 Remote Unauthenticated API Access vulnerability has been discovered in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core. This vulnerability impacts all supported versions – Version 11.4 releases 11.10, 11.9 and 11.8. Older versions/releases are also at risk.
This vulnerability enables an unauthorized, remote (internet-facing) actor to potentially access users’ personally identifiable information and make limited changes to the server.

## Usage
```
python cve_2023_35078_poc.py -u http://
python cve_2023_35078_poc.py -f urls.txt
```


## References
- https://nvd.nist.gov/vuln/detail/CVE-2023-35078
- https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability	
- https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078	
- https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078	
- https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability
File Snapshot

 [4.0K]  /data/pocs/6ff4544ccfe9238a6ae1485e218bb8ad28152f4f
├── [4.8K]  cve_2023_35078.py
├── [1.8K]  README.md
└── [ 116]  requirements.txt

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.