Room 3 

10:20 - 11:20 


Talk (60 min)

Finding a three 0-day exploit chain in Ivanti EPMM and Ivanti Sentry

During the summer of 2023, a team at mnemonic discovered three 0-day vulnerabilities in Ivanti Endpoint Protection Manager Mobile (EPMM, formerly known as Mobileiron Core) and Ivanti Sentry.

Experience report

- CVE-2023-35078: authentication bypass in Ivanti EPMM, CVSS 9.8
- CVE-2023-35081: path traversal / arbitrary file write in Ivanti EPMM, CVSS 7.2
- CVE-2023-38035: authentication bypass in Ivanti Sentry, CVSS 9.8, allowing command execution as root.

All three vulnerabilities are listed in CISA's Known Exploited Vulnerabilities catalog, as they are known to have been exploited by threat actors in the wild. Ivanti has also confirmed that the vulnerabilities can be combined in an exploit chain.

In this talk we'll take a closer look at what actually happened.

Tor E. Bjørstad

Tor E. Bjørstad has spent his entire career in security and privacy. For the last decade he has worked as a principal security consultant at mnemonic, based in Oslo. He has mainly focused on software security and security architecture, with a particular interest in society-critical infrastructure. Tor holds a Ph.d. in cryptography from the University of Bergen.tbd

Erlend Leiknes

Erlend Leiknes, a security consultant at mnemonic as, Oslo, spends his days as a penetration tester. His professional motto is that most vulnerabilities are obvious, the endeavor is to look at the right places. Erlend holds a master's degree in technical societal safety from University of Stavanger.