## https://sploitus.com/exploit?id=28F8298C-61E8-5468-BD71-18B70A8B06EF
# CVE-2023-35078

## shodan dorks

You can use the following Shodan dorks to find public targets.

- `http.favicon.hash:362091310`
- `http.favicon.hash:545827989`
- `path=/mifs`

You can use the following to transform data from the Shodan API into a format suitable for the checking script:

```bash
jq -cr 'select(.http.favicon.hash == 362091310) | [ if .ssl? then "https://" else "http://" end , (.ip_str) + ":" + (.port|tostring)] | add' example.json > your_data_file.txt
```

## usage

- clone the repository
- `./CVE-2023-35078.sh http[s]://your.target:port`  (define both protocol and target port)

If you want to test multiple targets, you can simply wrap it up with a loop:

```bash
while read -r line; do ./CVE-2023-35078.sh "$line"; done < your_data_file.txt
```

## additional info about the vuln

- https://socradar.io/critical-zero-day-in-ivanti-epmm-formerly-mobileiron-core-is-actively-exploited-cve-2023-35078/
- https://cyberplace.social/@GossiTheDog/110769716667847266
- https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability?language=en_US
- https://doublepulsar.com/mobileirony-backdoor-allows-complete-takeover-of-mobile-security-product-and-endpoints-559733d612e1
- https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078

## details about vulnerable/patched versions

- https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability?language=en_US

> This vulnerability impacts all supported versions – Version 11.4 releases 11.10, 11.9 and 11.8. Older versions/releases are also at risk.


- https://socradar.io/critical-zero-day-in-ivanti-epmm-formerly-mobileiron-core-is-actively-exploited-cve-2023-35078/

> you can fix the vulnerability by upgrading to EPMM versions 11.8.1.1, 11.9.1.1, and 11.10.0.2. These fixed versions also cover unsupported and End-of-Life (EoL) software versions that are lower than 11.8.1.0.
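
For patch triage on your own estate, the version details above can be turned into an inventory check. This is an added example, not part of the original repository: it classifies EPMM version strings against the fixed releases quoted here. The hostnames and the `host version` inventory format are constructed, and reporting branches above 11.10 as `unlisted` is an assumption, since the quoted advisories do not cover them.

```bash
# Added example, not from the original repository; hostnames are constructed.
# ver_ge A B: succeed when dotted version A >= B, compared numerically per field.
ver_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        # Drop the field just read; a missing field counts as 0.
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
    done
    return 0
}

# classify_epmm VERSION: prints patched, vulnerable, vulnerable-eol, unlisted or invalid.
classify_epmm() {
    v=$1
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 0 ;;
    esac
    case $v in
        11.10|11.10.*) fixed=11.10.0.2 ;;
        11.9|11.9.*)   fixed=11.9.1.1 ;;
        11.8|11.8.*)   fixed=11.8.1.1 ;;
        *)  # No fixed build in this branch: older releases are at risk per the
            # advisory; branches above 11.10 are not covered by it (assumption).
            if ver_ge "$v" 11.11; then echo unlisted; else echo vulnerable-eol; fi
            return 0 ;;
    esac
    if ver_ge "$v" "$fixed"; then echo patched; else echo vulnerable; fi
}

# triage_inventory: read "host version" lines on stdin and append the status.
triage_inventory() {
    while read -r host ver; do
        [ -n "$host" ] || continue
        printf '%s %s %s\n' "$host" "$ver" "$(classify_epmm "$ver")"
    done
}
sample_inventory() {  # constructed sample data
    cat <<'EOF'
mdm-a.example.internal 11.10.0.1
mdm-b.example.internal 11.9.1.1
mdm-c.example.internal 11.7.0.0
EOF
}
sample_inventory | triage_inventory
```

Hosts reported as `vulnerable` or `vulnerable-eol` need an upgrade to one of the fixed releases; `unlisted` hosts should be checked against the vendor advisory directly.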