Skip to main content

Overview

Ivanti has reported a critical vulnerability (CVE-2023-35081) that affects all versions of Ivanti Endpoint Manager Mobile (EPMM) (previously known as MobileIron Core).  If exploited, this vulnerability could allow an attacker with administrator-level privileges to perform arbitrary file writes to the server.

This vulnerability can be exploited in conjunction with CVE-2023-35078 to bypass administrator authentication and access-control list restrictions. Successful exploitation can be used to write malicious files to the appliance, ultimately allowing a malicious actor to execute OS commands on the appliance as the tomcat user.  Patching against CVE-2023-35081 will also fix the CVE-2023-35078 vulnerability.

Older versions of MobileIron Core are affected by a critical vulnerability, CVE-2023-35082 (CVSS rating of 10), which could allow an attacker to bypass authentication and then access normally restricted functions or resources.  Users of MobileIron Core version 11.2 or older versions are recommended to upgrade to the latest version of Ivanti Endpoint Manage Mobile (EPMM). 

PaperCut has released a security update to address three high-severity vulnerabilities in the PaperCut MF/NG Application Servers and Site Servers:

  • CVE-2023-3486 – could allow an unauthenticated attacker with direct server IP access to upload arbitrary files into a targeted directory. This could be used to fill up the server’s hard disk and prevent the PaperCut Server from operating as expected.
  • CVE-2023-39143 – could allow path-traversal to read and write arbitrary files. Direct server IP access is required.
  • CVE-2022-21724 – where someone already has administrator access to a PaperCut Server they could use exploit this vulnerability to gain further privileges.

Recommended Action

Organisations are encouraged to review the appropriate security advisory pages and apply the updates:

Ivanti              Article – CVE-2023-35081

                        Article – CVE-2023-35082

PaperCut       Security Bulletin

If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.

 

 

Topics

  • Advisory
  • Vulnerability
  • Patches and Updates