CVE-2023-35082

CRITICAL KEV RANSOMWARE NUCLEI

Ivanti Endpoint Manager Mobile < 11.11.0 - Unauthenticated Authentication Bypass

Title source: llm

Exploitation Summary

CVE-2023-35082 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added January 18, 2024, with confirmed use in ransomware campaigns. EIP tracks 1 public exploit from researchers including Chocapikk. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a Python script that scans for CVE-2023-35082 and CVE-2023-35078 by querying specific API endpoints to retrieve authorized user information. It supports both single and mass URL scanning, with verbose output and file-based results.

Description

An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier.

Exploits (1)

nomisec SCANNER 3 stars

by Chocapikk · remote

https://github.com/Chocapikk/CVE-2023-35082

View Code ZIP pw:eip

This repository contains a Python script that scans for CVE-2023-35082 and CVE-2023-35078 by querying specific API endpoints to retrieve authorized user information. It supports both single and mass URL scanning, with verbose output and file-based results.

Classification

Scanner 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Ivanti Sentinel (formerly MobileIron Core)

No auth needed

Prerequisites: Network access to the target Ivanti Sentinel instance

MITRE ATT&CK

T1592 - Gather Victim Host Information T1082 - System Information Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

MobileIron Core - Remote Unauthenticated API Access

CRITICALVERIFIEDby DhiyaneshDk

Shodan: http.favicon.hash:362091310 || http.favicon.hash:"362091310"

FOFA: icon_hash="362091310"

References (2)

Core 2

Core References

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-35082

Vendor Advisory

https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older?language=en_US

Scores

CVSS v3 9.8

EPSS 0.9440

EPSS Percentile 100.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable yes

Technical Impact total

Details

CISA KEV 2024-01-18

VulnCheck KEV 2023-11-15

InTheWild.io 2024-01-18

ENISA EUVD EUVD-2023-39117

Ransomware Use Confirmed

CWE

CWE-287

Status published

Products (1)

ivanti/endpoint_manager_mobile < 11.11.0

Published Aug 15, 2023

KEV Added Jan 18, 2024

Tracked Since Feb 18, 2026