How to find Ivanti EPMM (MobileIron Core)
How to find Ivanti Endpoint Manager Mobile (EPMM) with runZero #
On July 24th, Ivanti announced that their Endpoint Manager Mobile (EPMM, formerly MobileIron Core) product versions 11.10 and prior contain a critical authentication bypass vulnerability. Successfully exploiting this vulnerability would allow an unauthenticated remote attacker to access users’ personally identifiable information (PII) and make changes to the vulnerable server.
There is evidence that this vulnerability is being exploited in the wild.
What is Ivanti Endpoint Manager Mobile (EPMM)? #
Ivanti Endpoint Manager Mobile (EPMM) is a mobile management software product that helps organizations set policies for mobile devices, applications, and content. It was formerly known as MobileIron Core. What is the impact? An unauthenticated remote attacker who successfully exploited this vulnerability would be able to retrieve users’ personally identifiable information (PII) and make changes to the vulnerable server. This is due to an authentication bypass vulnerability, meaning that in some cases an attacker can bypass authentication controls.
With a CVSS score of 10.0, this vulnerability is considered critical. There is evidence that this vulnerability is being exploited in the wild and this vulnerability has been added to the CISA Known Exploited Vulnerabilities catalog.
Are updates available? #
Ivanti has released a patch for this vulnerability and issued guidance for customers on how to upgrade.
How do I find potentially vulnerable Ivanti Endpoint Management Mobile services with runZero? #
_asset.protocol:http AND protocol:http AND html.title:"Ivanti User Portal: Sign In"
product:”Ivanti Endpoint Manager Mobile”
Results from the above query should be triaged to determine if they require patching. As always, any prebuilt queries are available from your runZero console. Check out the documentation for other useful inventory queries.
Get runZero for free
Don’t have runZero and need help finding potentially vulnerable Ivanti EPMM instances?Get started
September 29, 2023
How to find WS_FTP Server instances?
How to find WS_FTP Server instances? # On September 27th, Progress Sofware announced eight vulnerabilities in the WS_FTP Server software. These issues can lead to a full compromise of exposed WS_FTP systems and their data through the FTP, SSH, and web management services, …Read More
September 26, 2023
How to find TeamCity instances
How to find TeamCity assets? # On September 20th, JetBrains announced a critical authentication bypass vulnerability that impacts users running the TeamCity On-Premises product. The vulnerability is being tracked using CVE-2023-42793 and presents the weakness of CWE-288 …Read More
September 12, 2023
How to find OpenSSL 1.1 instances
How to find OpenSSL 1.1 instances # On September 11th, the venerable OpenSSL 1.1.1 reached its end of life date. That means that it will no longer be receiving publicly-available security fixes. Users without a third-party extended support contract will no longer receive …Read More