When Ivanti security engineers received an urgent alert in July 2023, they discovered a critical zero-day vulnerability in Ivanti Endpoint Manager Mobile, the enterprise software managing countless government and corporate mobile devices worldwide. CVE-2023-35078 represented a complete authentication bypass that had been actively exploited for weeks before detection. The vulnerability affected several Norwegian government ministries and posed a significant threat to organizations globally.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Broken Authentication

  • Roman Canlas

摘要

When Ivanti security engineers received an urgent alert in July 2023, they discovered a critical zero-day vulnerability in Ivanti Endpoint Manager Mobile, the enterprise software managing countless government and corporate mobile devices worldwide. CVE-2023-35078 represented a complete authentication bypass that had been actively exploited for weeks before detection. The vulnerability affected several Norwegian government ministries and posed a significant threat to organizations globally.