Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-35078 PoC — Ivanti Endpoint Manager Mobile 授权问题漏洞

Source
https://github.com/lager1/CVE-2023-35078
Associated Vulnerability
Title:Ivanti Endpoint Manager Mobile 授权问题漏洞 (CVE-2023-35078)
Description:Ivanti Endpoint Manager Mobile(Ivanti EPMM)是美国Ivanti公司的一个移动管理软件引擎。 Ivanti Endpoint Manager Mobile 11.10及之前版本存在授权问题漏洞,该漏洞源于存在身份验证绕过,允许远程攻击者获取PII、添加管理帐户并更改配置。
Description
Proof of concept script to check if the site is vulnerable to CVE-2023-35078
Readme
# CVE-2023-35078

## shodan dorks

You can use the following shodan dorks to find public targets.

- `http.favicon.hash:362091310`
- `http.favicon.hash:545827989`
- `path=/mifs`

You can use the following to transform data from shodan API to format suitable for the checking script:

```bash
jq -cr 'select(.http.favicon.hash == 362091310) | [ if .ssl? then "https://" else "http://" end , (.ip_str) + ":" + (.port|tostring)] | add' example.json > your_data_file.txt
```

## usage

- clone the repository
- `./CVE-2023-35078.sh http[s]://your.target:port`  (define both protocol and target port)

If you want to test multiple targets, you can simply wrap it up with a loop:
`while read line; do ./CVE-2023-35078.sh $line; done < your_data_file.txt`

## additional info about the vuln

- https://socradar.io/critical-zero-day-in-ivanti-epmm-formerly-mobileiron-core-is-actively-exploited-cve-2023-35078/
- https://cyberplace.social/@GossiTheDog/110769716667847266
- https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability?language=en_US
- https://doublepulsar.com/mobileirony-backdoor-allows-complete-takeover-of-mobile-security-product-and-endpoints-559733d612e1
- https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078

## details about vulnerable/patched versions

- https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability?language=en_US

> This vulnerability impacts all supported versions – Version 11.4 releases 11.10, 11.9 and 11.8. Older versions/releases are also at risk.


- https://socradar.io/critical-zero-day-in-ivanti-epmm-formerly-mobileiron-core-is-actively-exploited-cve-2023-35078/

> you can fix the vulnerability by upgrading to EPMM versions 11.8.1.1, 11.9.1.1, and 11.10.0.2. These fixed versions also cover unsupported and End-of-Life (EoL) software versions that are lower than 11.8.1.0.
File Snapshot

 [4.0K]  /data/pocs/7a6f0148559b9afb683a7c62c55b7da9ca123bbb
├── [3.5K]  CVE-2023-35078.sh
├── [ 34K]  LICENSE
└── [1.9K]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.