Ivanti EPMM Authentication Bypass
CVE-2023-35078 is a critical authentication bypass vulnerability in Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core. The flaw allows an unauthenticated remote attacker to reach specific restricted EPMM API paths without proper authentication. Exploitation enables unauthorized access to sensitive application functionality and resources, including API endpoints used to enumerate users and administrators and to retrieve data managed by the platform. Ivanti stated the issue affects supported EPMM release lines 11.10, 11.9, 11.8, and 11.4, with older releases also at risk. The vulnerability was exploited as a zero-day from at least April through July 2023.
Exploits
4 valid exploits after Mallory filtered fakes, detection scripts, and README-only repos (1 hidden).
This repository provides a Python proof-of-concept (PoC) exploit for CVE-2023-35078, a remote unauthenticated API access vulnerability in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core. The repository contains four files: a .gitignore, LICENSE, README.md, and the main exploit script 'cve_2023_35078_poc.py'. The exploit script allows an attacker to check if a target Ivanti EPMM server is running a vulnerable version by parsing the version from a CSS link in the login page HTML. If the target is vulnerable, the script sends an unauthenticated HTTP GET request to the endpoint '/mifs/aad/api/v2/authorized/users?adminDeviceSpaceId=1' to extract all user data, which is then saved locally as a JSON file. The exploit can be run against a single URL or a list of URLs. The README provides usage instructions and references to official advisories. The exploit demonstrates unauthorized access to sensitive user information via a network-based attack vector, but does not provide weaponized or post-exploitation capabilities.
This repository provides a Python-based proof-of-concept exploit for CVE-2023-35078, a critical unauthenticated API access vulnerability in Ivanti MobileIron Core (versions 11.2, 11.3, and 11.4 prior to their respective patch levels). The main script, cve_2023_35078.py, allows an attacker to remotely query the vulnerable endpoint (/mifs/aad/api/v2/authorized/users) without authentication and extract sensitive user and device information. The exploit supports both single-target and batch scanning, outputs results in JSON format, and includes features such as verbose logging, custom output directories, and timeout configuration. The repository also includes a requirements.txt for dependencies and a detailed README.md with usage instructions, technical background, and remediation guidance. The exploit is a functional PoC and does not weaponize the vulnerability beyond data extraction. No hardcoded payloads or post-exploitation actions are present. The attack vector is network-based, and the exploit is suitable for authorized security testing of exposed Ivanti MobileIron Core instances.
This repository contains a Go-based proof-of-concept exploit for CVE-2023-35078, a remote unauthenticated API access vulnerability in Ivanti MobileIron Core (versions <= 11.4). The repository consists of a README.md with usage instructions and a single Go source file (cve-2023-35078.go) implementing the exploit logic. The exploit first checks if the target is running a vulnerable version by parsing the version from a CSS file reference in the login page. If the target is vulnerable, it sends an unauthenticated HTTP GET request to the /mifs/aad/api/v2/authorized/users?adminDeviceSpaceId=1 endpoint to extract sensitive user data, which is then saved to a local JSON file. The tool supports both single-target and batch modes (via a file of URLs). The exploit demonstrates the vulnerability but does not provide weaponized or post-exploitation capabilities.
This repository contains an Nmap NSE script (CVE-2023-35078.nse) designed to exploit CVE-2023-35078, a vulnerability in MobileIron Core. The script performs an unauthenticated HTTP GET request to the endpoint '/mifs/aad/api/v2/authorized/users?adminDeviceSpaceId=1' on the target server, attempting to retrieve and dump admin user information. The response is saved to a user-specified output file (defaulting to './output.txt'). The script requires Nmap and LuaSocket, and is executed via Nmap's scripting engine with appropriate arguments. The repository also includes a README.md with usage instructions and a reference to the CVE. The exploit is a proof-of-concept and does not include weaponized or customizable payloads.
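As an added defensive example (not code from any of the repositories above), the following Python detector scans web-server access logs in combined log format for requests to the API prefix those PoCs hit, classifies each as a successful pull or a failed attempt, and counts successful pulls per source address; the log lines, addresses and referer value are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache/NGINX combined log format (not real data).
SAMPLE_LOG = """\
203.0.113.7 - - [24/Jul/2023:10:14:02 +0000] "GET /mifs/aad/api/v2/authorized/users?adminDeviceSpaceId=1 HTTP/1.1" 200 48213 "-" "python-requests/2.31.0"
198.51.100.9 - - [24/Jul/2023:10:15:11 +0000] "GET /mifs/aad/api/v2/authorized/users?adminDeviceSpaceId=1 HTTP/1.1" 200 48213 "https://epmm.example/mifs/admin/" "Mozilla/5.0"
203.0.113.7 - - [24/Jul/2023:10:16:30 +0000] "GET /mifs/login.jsp HTTP/1.1" 200 3120 "-" "python-requests/2.31.0"
192.0.2.55 - - [24/Jul/2023:10:17:45 +0000] "GET /mifs/aad/api/v2/authorized/users?adminDeviceSpaceId=1 HTTP/1.1" 401 0 "-" "curl/8.1.2"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# The API prefix that CVE-2023-35078 exposes without authentication.
AAD_API_PREFIX = "/mifs/aad/api/v2/"


def detect(log_text):
    """Return one finding per request to the exposed API prefix, in log order."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        parts = urlsplit(m["target"])
        if not parts.path.startswith(AAD_API_PREFIX):
            continue
        status = int(m["status"])
        # A 2xx means the appliance served the data; anything else is an attempt.
        outcome = "success" if 200 <= status < 300 else "attempt"
        # No referer plus a non-browser user agent is typical of scripted use.
        scripted = m["referer"] == "-" and not m["ua"].startswith("Mozilla/")
        findings.append({
            "ip": m["ip"], "ts": m["ts"], "path": parts.path,
            "space_id": parse_qs(parts.query).get("adminDeviceSpaceId", [None])[0],
            "status": status, "outcome": outcome, "scripted": scripted,
        })
    return findings


def summarize(findings):
    """Count successful pulls per source address for triage."""
    return Counter(f["ip"] for f in findings if f["outcome"] == "success")
```

Any successful hit from an address with no established admin session should be treated as a confirmed data exposure and fed into the assume-compromise review.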
Recent activity
34 sources tracked across advisories, community write-ups, and news.
Authentication bypass vulnerability in Ivanti EPMM allowing unauthenticated access to certain API paths, exposure of PII, and configuration changes on the server.
A previously exploited zero-day vulnerability in Ivanti EPMM that was part of the 2023 attack campaigns, some of which the cited article attributes to Chinese state-sponsored threat groups.
An Ivanti EPMM vulnerability exploited in 2023 to breach government agencies worldwide. The cited source presents it as historical context showing repeated exploitation of EPMM.