top of page
  • Clipeus

Ivanti EPMM Vulnerability Listed In CISA KEV

On January 18, 2023, the United States (US) Cybersecurity and Infrastructure Security Agency (CISA) added to the Known Exploited Vulnerability (KEV) Catalog CVE-2023-3508, a critical vulnerability (CVSS 9.8) impacting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core.

Impacted versions include 11.10 and older, and consisting of an authentication bypass enabling a potential remote unauthenticated attacker to gain unauthorized access to restricted functionality or resources of the application. Patches for this vulnerability were released last August when the flaw was first disclosed.

According to the CISA, there are no definite indications to attribute the exploitation in the wild to an identifiable actor. However, intelligence reports suggest a possible linkage to China-nexus actors. This assessment would be consistent with the recent reporting on exploitation of separate Ivanti vulnerabilities.


Commenting has been turned off.

If you are interested in specifics or additional insights on the threats above or any other threat, please visit our dedicated service page or reach out to with your inquiry. We would be glad to assist you

bottom of page