Conversation

Notices

1. Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 24-Jul-2023 22:56:43 UTC Kevin Beaumont

   Which vendor is going to declare a happy little vulnerability this week rather than a zero day?

   • Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 24-Jul-2023 22:56:38 UTC Kevin Beaumont

     in reply to

     The #MobileIron advisory is now public. Cyberbullying vendors into doing the right thing is my community service.

     CVSS 10. “Remote unauthenticated API access”. #threatintel

     This one is completely nuts btw, I set up a honeypot and it’s already being probed via the API - which allows admin access and is completely unauthenticated, apparently nobody ever pentested one of the most widely used MDM solutions.

     https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability?language=en_US

   • Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 24-Jul-2023 22:56:39 UTC Kevin Beaumont

     in reply to

     Ivanti argue they are “practicing responsible disclosure protocols” by trying to hide a zero day in their own product, MobileIron, and lock technical details behind non-disclosure agreements to avoid people understanding the severity of their fail. https://therecord.media/ivanti-urges-customers-to-apply-patch

     jartigag repeated this.
   • Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 24-Jul-2023 22:56:40 UTC Kevin Beaumont

     in reply to

     • Will Dormann

     Heise have picked up on the #MobileIron zero day. It's under active exploitation, Ivanti have put security information behind a paywall portal and hidden exploitation information behind a non-disclosure agreement.

     Ivanti are also a security vendor.

     cc @wdormann https://www.heise.de/news/Ivanti-schliesst-Zero-Day-Luecke-in-MobileIron-9225583.html

   • Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 24-Jul-2023 22:56:40 UTC Kevin Beaumont

     in reply to

     What is this nonsense. They have a public security blog.. that they’re not using as soon as they have a security issue in their own back garden.

   • Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 24-Jul-2023 22:56:41 UTC Kevin Beaumont

     in reply to

     ⚠️ Regarding the #MobileIron vulnerability ⚠️

     Patches are out for 11.8.1.1, 11.9.1.1 and 11.10.0.2. It also applies to unsupported and EOL versions.

     It's a serious zero day vulnerability which is very easy to exploit, where Ivanti are trying to hide it for some reason - this will get mass internet swept. I'd strongly recommend upgrading, and if you can’t get off EOL, switch off the appliance.

   • Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 24-Jul-2023 22:56:42 UTC Kevin Beaumont

     in reply to

     We have a winner already - CVE-2023-35078, zero day in #MobileIron aka Ivanti Endpoint Manager Mobile

     Exploitation in the wild. #threatintel
     https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078