vpatch-CVE-2023-35082 AppSec Rule

« vpatch-CVE-2023-35082 »
v0.2 by crowdsecurity
AppSec rule

MobileIron Core Remote Unauthenticated API Access (CVE-2023-35082)

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2023-35082

YAML Configuration

1name: crowdsecurity/vpatch-CVE-2023-35082
2description: "MobileIron Core Remote Unauthenticated API Access (CVE-2023-35082)"
3rules:
4       - zones:
5           - URI
6         transform:
7           - lowercase
8         match:
9           type: contains
10           value: /mifs/asfv3/api/v2/
11labels:
12   type: exploit
13   service: http
14   confidence: 3
15   spoofable: 0
16   behavior: "http:exploit"
17   label: "MobileIron Core API"
18   references:
19    - https://www.rapid7.com/blog/post/2023/08/02/cve-2023-35082-mobileiron-core-unauthenticated-api-access-vulnerability/
20    - https://nvd.nist.gov/vuln/detail/CVE-2023-35082
21    - https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older?language=en_US
22   classification:
23     - cve.CVE-2023-35082
24     - attack.T1595
25     - attack.T1190

Hub Appsec rule

« vpatch-CVE-2023-35082 »v0.2 by crowdsecurityAppSec rule

« vpatch-CVE-2023-35082 »
v0.2 by crowdsecurity
AppSec rule