vpatch-CVE-2023-35078 AppSec Rule

« vpatch-CVE-2023-35078 »
v0.1 by crowdsecurity
AppSec rule

MobileIron Core Remote Unauthenticated API Access (CVE-2023-35078)

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2023-35078

YAML Configuration

1name: crowdsecurity/vpatch-CVE-2023-35078
2description: "MobileIron Core Remote Unauthenticated API Access (CVE-2023-35078)"
3rules:
4       - zones:
5           - URI
6         transform:
7           - lowercase
8         match:
9           type: contains
10           value: /mifs/aad/api/v2/
11labels:
12   type: exploit
13   service: http
14   confidence: 3
15   spoofable: 0
16   behavior: "http:exploit"
17   label: "MobileIron Core API"
18   references:
19    - https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability?language=en_US
20    - https://www.rapid7.com/blog/post/2023/08/02/cve-2023-35082-mobileiron-core-unauthenticated-api-access-vulnerability/
21    - https://nvd.nist.gov/vuln/detail/CVE-2023-35078
22   classification:
23     - cve.CVE-2023-35078
24     - attack.T1595
25     - attack.T1190

Hub Appsec rule

« vpatch-CVE-2023-35078 »v0.1 by crowdsecurityAppSec rule

« vpatch-CVE-2023-35078 »
v0.1 by crowdsecurity
AppSec rule