This is a summary of the AI-generated 10-question deep analysis.
Q1: What is this vulnerability? (Essence + Consequences)
**Essence**: Ivanti EPMM suffers from an **Authentication Bypass** flaw. **Consequences**: Unauthorized users can access restricted app features and sensitive resources without logging in.…
**Vendor**: Ivanti. **Product**: EPMM (Endpoint Manager Mobile), formerly known as **MobileIron Core**. **Affected Versions**: Version **11.10 and older**. If you are running these versions, you are at risk.
Q4: What can hackers do? (Privileges/Data)
**Hacker Actions**: Attackers can perform **Remote Unauthenticated API Access**.…
**Public Exploit**: **YES**. A Python-based scanner exists on GitHub (Chocapikk/CVE-2023-35082). **PoC**: It actively scans for this CVE and CVE-2023-35078, fetching user data.…
**Urgency**: **HIGH**. **Priority**: Immediate action required. Since it allows **unauthenticated** access to sensitive user data (emails, IPs, roles), it is a critical privacy and security risk.…