Ivanti EPMM - Authentication Bypass (CVE-2023-35082)
166Exploiting IPs reported
An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier.
CrowdSec analysis
CVE-2023-35082 is a critical authentication bypass vulnerability in Ivanti EPMM. This flaw allows unauthenticated attackers to gain unauthorized access to sensitive functionality or resources intended for authenticated users.
CrowdSec has been tracking this vulnerability and its exploits since 9th of February 2024.
CrowdSec network observations suggest that most exploitation of CVE-2023-35082 involves focused reconnaissance to identify viable targets. Attackers typically tailor their campaigns based on system exposure and configuration. It is unlikely that a given attack is accidental. Additionally, according to week-over-week analysis by CrowdSec, exploitation of CVE-2023-35082 is surging. Attack volumes are spiking well above historical norms, indicating widespread and escalating interest from threat actors. CVE-2023-35082 is currently experiencing high visibility and active exploitation across the internet.
Attackers typically attempt to exploit this issue by probing the application for exposed authentication mechanisms and misconfigurations.
Exploitation
Get real-time information about exploitation attempts and actors involved.
Protection
Find out relevant information to protect your stack against this CVE.
Blocklist
With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.
To increase your protection against this CVE, block exploitation attempts with this list of identified actors.