You can use the following Shodan dorks to find public targets.
http.favicon.hash:362091310
http.favicon.hash:545827989
path=/mifs
You can use the following to transform data from the Shodan API into a format suitable for the checking script:
jq -cr 'select(.http.favicon.hash == 362091310) | [ if .ssl? then "https://" else "http://" end , (.ip_str) + ":" + (.port|tostring)] | add' example.json > your_data_file.txt
- clone the repository
./CVE-2023-35078.sh http[s]://your.target:port
(specify both the protocol and the target port)
If you want to test multiple targets, you can simply wrap it up with a loop:
while IFS= read -r line; do ./CVE-2023-35078.sh "$line"; done < your_data_file.txt
- https://socradar.io/critical-zero-day-in-ivanti-epmm-formerly-mobileiron-core-is-actively-exploited-cve-2023-35078/
- https://cyberplace.social/@GossiTheDog/110769716667847266
- https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability?language=en_US
- https://doublepulsar.com/mobileirony-backdoor-allows-complete-takeover-of-mobile-security-product-and-endpoints-559733d612e1
- https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078
This vulnerability impacts all supported versions – Version 11.4 releases 11.10, 11.9 and 11.8. Older versions/releases are also at risk.
You can fix the vulnerability by upgrading to EPMM versions 11.8.1.1, 11.9.1.1, and 11.10.0.2. These fixed versions also cover unsupported and End-of-Life (EoL) software versions that are lower than 11.8.1.0.
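To triage your own EPMM inventory against the fixed releases listed above, a branch-aware version comparison can be used. This is an added example, not part of the repository: the function names, the `unlisted` status for branches newer than 11.10, and the sample hosts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare EPMM versions with the fixed releases named on
# this page (11.8.1.1, 11.9.1.1, 11.10.0.2). Not the repository's own code.

# ver_lt A B: succeed if dotted numeric version A is strictly lower than B.
# Missing trailing fields count as 0, so 11.8 compares as 11.8.0.0.
ver_lt() {
  _a=$1 _b=$2
  while [ -n "$_a" ] || [ -n "$_b" ]; do
    _x=${_a%%.*} _y=${_b%%.*}
    case $_a in *.*) _a=${_a#*.} ;; *) _a= ;; esac
    case $_b in *.*) _b=${_b#*.} ;; *) _b= ;; esac
    [ "${_x:-0}" -lt "${_y:-0}" ] && return 0
    [ "${_x:-0}" -gt "${_y:-0}" ] && return 1
  done
  return 1
}

# epmm_status VERSION: print vulnerable, fixed, unlisted or unknown.
epmm_status() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;  # not a dotted number
    11.8|11.8.*)   _fixed=11.8.1.1 ;;
    11.9|11.9.*)   _fixed=11.9.1.1 ;;
    11.10|11.10.*) _fixed=11.10.0.2 ;;
    *)
      # The page lists no fixed release for this branch.
      if ver_lt "$1" 11.8; then echo vulnerable  # older or EoL release
      else echo unlisted; fi  # assumption: newer branch, check the vendor advisory
      return 0 ;;
  esac
  if ver_lt "$1" "$_fixed"; then echo vulnerable; else echo fixed; fi
}

# triage: read "host version" lines on stdin, print "host version status".
triage() {
  while read -r _host _ver; do
    [ -n "$_host" ] && echo "$_host $_ver $(epmm_status "$_ver")"
  done
  return 0
}

# Constructed sample inventory (hostnames and versions are made up).
triage <<'EOF'
epmm-a.example.internal 11.8.1.0
epmm-b.example.internal 11.9.1.1
epmm-c.example.internal 11.10.0.1
epmm-d.example.internal 11.4.0.0
epmm-e.example.internal n/a
EOF
```

Fields are compared numerically, so 11.9 sorts below 11.10, which a plain string comparison would get wrong.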