Finding a Three 0-Day Exploit Chain in Ivanti EPMM and Ivanti Sentry

Explore a detailed analysis of three critical 0-day vulnerabilities discovered in Ivanti Endpoint Protection Manager Mobile (EPMM) and Ivanti Sentry during the summer of 2023. Delve into the technical aspects of CVE-2023-35078, an authentication bypass in Ivanti EPMM with a CVSS score of 9.8; CVE-2023-35081, a path traversal and arbitrary file write vulnerability in Ivanti EPMM with a CVSS score of 7.2; and CVE-2023-38035, an authentication bypass in Ivanti Sentry with a CVSS score of 9.8 that allows command execution as root. Gain insights into how these vulnerabilities can be combined into an exploit chain, their inclusion in CISA's Known Exploited Vulnerabilities catalog, and their confirmed exploitation by threat actors in the wild. Uncover the technical details and implications of these security flaws in this comprehensive 58-minute conference talk recorded at NDC Security in Oslo, Norway.