CVE-2023-35078: Ivanti Endpoint Manager Mobile (EPMM) / MobileIron Core Unauthenticated API Access Vulnerability

Posted on by Admin
CVE-2023-35078: Ivanti Endpoint Manager Mobile (EPMM) / MobileIron Core Unauthenticated API Access Vulnerability

Related Post


</p> <p><strong>Critical vulnerability in a popular mobile device management solution from Ivanti has been exploited in the wild in limited attacks</strong></p> <h2>Background</h2> <p>On July 24, a <a href="https://www.heise.de/news/Ivanti-schliesst-Zero-Day-Luecke-in-MobileIron-9225583.html"><u>post from Heise Online</u></a> (<a href="https://www-heise-de.translate.goog/news/Ivanti-schliesst-Zero-Day-Luecke-in-MobileIron-9225583.html?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp"><u>English translation</u></a>) detailed a recently patched zero-day vulnerability in Ivanti Endpoint Manager Mobile (EPMM), a mobile management software that can be used for mobile device management (MDM), mobile application management (MAM) and mobile content management (MCM). It was formerly known as <a href="https://help.ivanti.com/mi/help/en_US/core/10.7.0.0/gsg/Content/CoreGettingStarted/MobileIron_Core_overview.htm"><u>MobileIron Core</u></a> prior to its <a href="https://techcrunch.com/2020/12/01/ivanti-has-acquired-security-firms-mobileiron-and-pulse-secure/"><u>acquisition by Ivanti in 2020</u></a>.</p> <div class="table-responsive"> <table class="table"> <thead> <tr> <th><strong>CVE</strong></th> <th><strong>Description</strong></th> <th><strong>CVSSv3</strong></th> <th><strong>Severity</strong></th> </tr> </thead> <tbody> <tr> <td><a href="https://www.tenable.com/cve/CVE-2023-35078"><u>CVE-2023-35078</u></a></td> <td>Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability</td> <td>10.0</td> <td>Critical</td> </tr> </tbody> </table> </div> <p>Ivanti has published a <a href="https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability"><u>blog post</u></a> and a public <a href="https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability?language=en_US"><u>advisory</u></a> for this vulnerability that contains additional information, however further details are available in a <a href="https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078"><u>knowledge base (KB) article</u></a> only accessible to Ivanti customers.</p> <h2>Analysis</h2> <p>CVE-2023-35078 is an authentication bypass vulnerability in Ivanti’s EPMM. An unauthenticated, remote attacker could exploit this vulnerability to gain access to the server’s application programming interface (API) that is normally only accessible to authenticated users. Successful exploitation would allow an attacker to be able to access “specific API paths” according to an <a href="https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078"><u>alert from the Cybersecurity and Infrastructure Security Agency (CISA)</u></a>.</p> <p>These API paths could allow an attacker to obtain personally identifiable information (PII) from the server that may include but is not limited to names, phone numbers, and details about the mobile devices being managed by EPMM.</p> <p>Additionally, an attacker could potentially utilize the unrestricted API paths to modify a server’s configuration file, which could result in the creation of an admin account on the server that would allow the attacker to “make further changes to a vulnerable system.”</p> <p><strong>Knowledge Base article restricted to customers-only</strong></p> <p>Additional details surrounding CVE-2023-35078 are currently restricted to a <a href="https://forums.ivanti.com/ServiceProviderLogin?ec=302&startURL=%2Fs%2Farticle%2FKB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078"><u>knowledge base article</u></a> that is only accessible to customers with valid login credentials. Tenable was provided access to the support article and our blog post reflects what we currently know about this vulnerability.</p> <p><strong>Confirmed exploitation of CVE-2023-35078 as a zero-day</strong></p> <p>According to the knowledge base article and blog post from Ivanti as well as a BleepingComputer <a href="https://www.bleepingcomputer.com/news/security/ivanti-patches-mobileiron-zero-day-bug-exploited-in-attacks/"><u>report</u></a>, the vulnerability was exploited in the wild as a zero-day “against a very small number of customers (e.g., less than 10).” The article does not provide any other specifics about the in-the-wild exploitation. The KB article does recommend that if a customer thinks they are impacted, they can request an “Analysis Guidance” document from Ivanti support.</p> <p><strong>Attack against 12 Norwegian government ministries linked to CVE-2023-35078</strong></p> <p>Runa Sandvik, a security researcher and founder of Granitt, noted that according to a <a href="https://www.linkedin.com/feed/update/urn:li:activity:7089367926155165696/"><u>LinkedIn post</u></a> from Nasjonal sikkerhetsmyndighet, the Norwegian National Security Authority, a <a href="https://www.reuters.com/technology/norway-government-ministries-hit-by-cyber-attack-2023-07-24/"><u>cyber attack against twelve Norwegian government ministries</u></a> first discovered on July 12 has been linked to the exploitation of CVE-2023-35078:</p> <blockquote class="twitter-tweet" data-dnt="true"> <p dir="ltr" lang="en" xml:lang="en">Norwegian National Security Authority shared details about the supply chain attack disclosed this morning: a zero day in Ivanti Endpoint Manager, used by the Government Security and Service Organization (DSS). <a href="https://t.co/TYLWVCGUOn">https://t.co/TYLWVCGUOn</a></p> <p>— Runa Sandvik (@runasand) <a href="https://twitter.com/runasand/status/1683644281955790850?ref_src=twsrc%5Etfw">July 25, 2023</a></p></blockquote> <p><strong>Probing of vulnerable EPMM systems has already begun</strong></p> <p>Security researcher Kevin Beaumont called the vulnerability “completely nuts,” adding that a honeypot he set up is “already being probed via the API”</p> <p><iframe allowfullscreen="allowfullscreen" sandbox="allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox allow-forms" src="https://cyberplace.social/@GossiTheDog/110771468600885432/embed" width="400"></iframe></p> <h2>Proof of concept</h2> <p>At the time this blog post was published, there was no public proof-of-concept available for CVE-2023-35078.</p> <h2>Solution</h2> <p>Based on the knowledge base article that was analyzed on July 25, the following table details the affected and fixed versions of Ivanti EPMM:</p> <div class="table-responsive"> <table class="table"> <thead> <tr> <th><strong>Affected Version of EPMM</strong></th> <th><strong>Fixed Version of EPMM</strong></th> </tr> </thead> <tbody> <tr> <td>11.10.1 and below</td> <td>11.10.0.2</td> </tr> <tr> <td>11.9.1.0 and below</td> <td>11.9.1.1</td> </tr> <tr> <td>11.8.1.0</td> <td>11.8.1.1</td> </tr> </tbody> </table> </div> <p>Ivanti also highlights that unsupported versions of EPMM prior to 11.8.1.0 are also affected and that customers using these unsupported versions are recommended to upgrade to a supported version. However, if upgrading is not possible, Ivanti has provided a temporary fix in the form of an RPM Package Manager file that will remain in place during reboots but will not persist following an upgrade. For more information on applying the RPM fix, customers should refer to the KB article.</p> <h2>Identifying affected systems</h2> <p>Organizations that use Ivanti EPMM can utilize the following detection plugins to identify assets within their environments:</p> <div class="table-responsive"> <table class="table"> <thead> <tr> <th><strong>Plugin ID</strong></th> <th><strong>Name</strong></th> <th><strong>Product</strong></th> <th><strong>Family</strong></th> <th><strong>Severity</strong></th> </tr> </thead> <tbody> <tr> <td><a href="https://www.tenable.com/plugins/nessus/141340"><u>141340</u></a></td> <td>MobileIron Core Detection</td> <td>Nessus</td> <td>Service detection</td> <td>INFO</td> </tr> <tr> <td><a href="https://www.tenable.com/plugins/nessus/141341"><u>141341</u></a></td> <td>MobileIron Core API Detection</td> <td>Nessus</td> <td>Service detection</td> <td>INFO</td> </tr> </tbody> </table> </div> <p><i>* Please note that the names of these plugins are subject to change but the plugin IDs will remain the same.</i></p> <p>A list of Tenable plugins to identify this vulnerability will appear <a href="https://www.tenable.com/plugins/search?q=cves%3A%28%22CVE-2023-35078%22%29&sort=&page=1"><u>here</u></a> as they’re released. This link uses a search filter to ensure that all matching plugin coverage will appear as it is released.</p> <h3>Get more information</h3> <p><b><i>Join <a href="https://community.tenable.com/s/group/0F9f2000000fyxyCAA/cyber-exposure-alerts"><u>Tenable’s Security Response Team</u></a> on the Tenable Community.</i></b></p> <p><b><i>Learn more about <a href="https://www.tenable.com/products/tenable-one"><u>Tenable One</u></a>, the Exposure Management Platform for the modern attack surface.</i></b></p> </div> <p><script async src="//platform.twitter.com/widgets.js" charset="utf-8"></script><br /> <br /><br /> <br /><a href="https://www.tenable.com/blog/cve-2023-35078-ivanti-endpoint-manager-mobile-epmm-mobileiron-core-unauthenticated-api-access">Source link </a></p> </div><!-- .entry-content --> <footer class="entry-footer"> <span class="cat-links"> Posted in <a href="https://unifiedguru.com/category/rss_virtulization/" rel="category tag">RSS_Virtulization</a> </span> </footer><!-- .entry-footer --> </article><!-- #post-## --> <nav class="navigation post-navigation" aria-label="Posts"> <h2 class="screen-reader-text">Post navigation</h2> <div class="nav-links"><div class="nav-previous"><a href="https://unifiedguru.com/uk-government-report-finds-cybersecurity-skills-gap-stagnant/" rel="prev">UK Government Report Finds Cybersecurity Skills Gap Stagnant</a></div><div class="nav-next"><a href="https://unifiedguru.com/update-your-cisco-gear-legally-and-for-less/" rel="next">Update Your Cisco Gear (Legally and For Less)</a></div></div> </nav> </main><!-- #main --> </div><!-- #primary --> <div id="secondary-right" class="widget-area secondary-sidebar f-right clearfix" role="complementary"> <div id="sidebar-section-top" class="widget-area sidebar clearfix"> <aside id="newsletterwidget-10" class="widget widget_newsletterwidget"><h3 class="widget-title"><span>Subscribe For Updates</span></h3><div class="tnp tnp-subscription tnp-widget"> <form method="post" action="https://unifiedguru.com/?na=s"> <input type="hidden" name="nr" value="widget"> <input type="hidden" name="nlang" value=""> <div class="tnp-field tnp-field-firstname"><label for="tnp-1">Name</label> <input class="tnp-name" type="text" name="nn" id="tnp-1" value="" placeholder=""></div> <div class="tnp-field tnp-field-email"><label for="tnp-2">Email</label> <input class="tnp-email" type="email" name="ne" id="tnp-2" value="" placeholder="" required></div> <div class="tnp-field tnp-privacy-field"><label><input type="checkbox" name="ny" required class="tnp-privacy"> Subscribing I accept the privacy rules of this site</label></div><div class="tnp-field tnp-field-button" style="text-align: left"><input class="tnp-submit" type="submit" value="Subscribe Now For Updates" style=""> </div> </form> </div> </aside> </div> <div id="sidebar-section-cat-one" class="widget-area sidebar clearfix"> <div class="widget"> <h2 class="block-title"><span class="bordertitle-red"></span>VMWARE</h2> <div class="featured-post-sidebar"> <figure class="post-thumb clearfix"> <a href="https://unifiedguru.com/helping-public-sector-organisations-define-cloud-strategy/" title="Helping Public Sector Organisations Define Cloud Strategy" ><img post-id="1207" fifu-featured="1" src="https://simoncranney.files.wordpress.com/2019/10/cropped-network.jpeg?w=200" alt="Helping Public Sector Organisations Define Cloud Strategy" title="Helping Public Sector Organisations Define Cloud Strategy" title="Helping Public Sector Organisations Define Cloud Strategy" /></a> </figure> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>October 29, 2020</div> <h3><a href="https://unifiedguru.com/helping-public-sector-organisations-define-cloud-strategy/" title="Helping Public Sector Organisations Define Cloud Strategy" >Helping Public Sector Organisations Define Cloud Strategy</a></h3> <p class="side-excerpt">Introduction Cloud computing services have grown exponentially in</p> </div> </div> <div class="featured-post-sidebar"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>May 18, 2016</div> <h3><a href="https://unifiedguru.com/how-to-change-the-vlan-id-of-the-service-console-in-esx-from-the-command-lineconsole/" title="How to change the VLAN ID of the Service Console in ESX from the command line/console" >How to change the VLAN ID of the Service Console in ESX from the command line/console</a></h3> </div> </div> <div class="featured-post-sidebar"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>June 09, 2015</div> <h3><a href="https://unifiedguru.com/cisco-ucs-and-vmware-interfaces-vnics-ha-design-considerations/" title="Cisco UCS and Vmware Interfaces (Vnics) HA Design Considerations" >Cisco UCS and Vmware Interfaces (Vnics) HA Design Considerations</a></h3> </div> </div> <div class="featured-post-sidebar"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>June 07, 2015</div> <h3><a href="https://unifiedguru.com/troubleshooting-network-and-tcpudp-port-connectivity-issues-on-esxesxi2020669/" title="Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi(2020669)" >Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi(2020669)</a></h3> </div> </div> <div class="featured-post-sidebar"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>May 12, 2015</div> <h3><a href="https://unifiedguru.com/vsphere-client-parameters/" title="vSphere Client Parameters" >vSphere Client Parameters</a></h3> </div> </div> <div class="view-all-link"><a href="https://unifiedguru.com/category/vmware/" title="View All">View All</a></div> </div> </div> <div id="sidebar-section-cat-two" class="widget-area sidebar clearfix"> <div class="widget"> <h2 class="block-title"><span class="bordertitle-red"></span>Configuration Templates</h2> <div class="featured-post-sidebar clearfix"> <figure class="post-thumb clearfix"> </figure> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>February 16, 2015</div> <h3><a href="https://unifiedguru.com/cue-licenses/" title="CUE Licenses" >CUE Licenses</a></h3> <p class="side-excerpt">Note: Useful LINK COPIED FROM OTHER SOURCE FOR REFERENCE INTRODUCTION</p> </div> </div> <div class="featured-post-sidebar clearfix"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>February 02, 2015</div> <h3><a href="https://unifiedguru.com/trouble-shooting-unity-express-with-call-manager-integeration-operational-issues/" title="Trouble shooting Unity Express with Call Manager Integeration & Operational Issues" >Trouble shooting Unity Express with Call Manager Integeration & Operational Issues</a></h3> </div> </div> <div class="featured-post-sidebar clearfix"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>November 08, 2014</div> <h3><a href="https://unifiedguru.com/%ef%bb%bfcme-configuration-example-sip-trunks-to-viatalk-and-voip-ms/" title="CME Configuration Example: SIP Trunks to Viatalk and VoIP.ms" >CME Configuration Example: SIP Trunks to Viatalk and VoIP.ms</a></h3> </div> </div> <div class="featured-post-sidebar clearfix"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>November 08, 2014</div> <h3><a href="https://unifiedguru.com/sip-phone-registration-cme-configuration/" title="SIP Phone registration – CME Configuration" >SIP Phone registration – CME Configuration</a></h3> </div> </div> <div class="featured-post-sidebar clearfix"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>November 08, 2014</div> <h3><a href="https://unifiedguru.com/cue-voicemail-vpim-networking-cue-to-unity/" title="CUE Voicemail + VPIM networking (CUE to unity)" >CUE Voicemail + VPIM networking (CUE to unity)</a></h3> </div> </div> <div class="view-all-link"><a href="https://unifiedguru.com/category/configuration-templates/" title="View All">View All</a></div> </div> </div> </div> </div><!-- #content --> </div><!-- content-wrapper--> <footer id="colophon" class="site-footer clearrfix" role="contentinfo"> <div class="wrapper footer-wrapper clearfix"> <div class="top-bottom clearfix"> <div id="footer-top"> </div><!-- #foter-top --> <div id="footer-bottom"> </div><!-- #foter-bottom --> </div><!-- top-bottom--> <div class="footer-copyright border t-center"> <p> Copyright 2016. All rights reserved </p> <div class="site-info"> <a href="https://wordpress.org/">Proudly powered by WordPress</a> <span class="sep"> | </span> Profitmag by <a href="http://rigorousthemes.com/" rel="designer">Rigorous Themes</a> </div><!-- .site-info --> </div> </div><!-- footer-wrapper--> </footer><!-- #colophon --> </div><!-- #page --> <div class="a2a_kit a2a_kit_size_32 a2a_floating_style a2a_default_style" style="bottom:0px;left:0px;background-color:#23d5db"><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Funifiedguru.com%2Fcve-2023-35078-ivanti-endpoint-manager-mobile-epmm-mobileiron-core-unauthenticated-api-access-vulnerability%2F&linkname=CVE-2023-35078%3A%20Ivanti%20Endpoint%20Manager%20Mobile%20%28EPMM%29%20%2F%20MobileIron%20Core%20Unauthenticated%20API%20Access%20Vulnerability" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Funifiedguru.com%2Fcve-2023-35078-ivanti-endpoint-manager-mobile-epmm-mobileiron-core-unauthenticated-api-access-vulnerability%2F&linkname=CVE-2023-35078%3A%20Ivanti%20Endpoint%20Manager%20Mobile%20%28EPMM%29%20%2F%20MobileIron%20Core%20Unauthenticated%20API%20Access%20Vulnerability" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_pinterest" href="https://www.addtoany.com/add_to/pinterest?linkurl=https%3A%2F%2Funifiedguru.com%2Fcve-2023-35078-ivanti-endpoint-manager-mobile-epmm-mobileiron-core-unauthenticated-api-access-vulnerability%2F&linkname=CVE-2023-35078%3A%20Ivanti%20Endpoint%20Manager%20Mobile%20%28EPMM%29%20%2F%20MobileIron%20Core%20Unauthenticated%20API%20Access%20Vulnerability" title="Pinterest" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Funifiedguru.com%2Fcve-2023-35078-ivanti-endpoint-manager-mobile-epmm-mobileiron-core-unauthenticated-api-access-vulnerability%2F&linkname=CVE-2023-35078%3A%20Ivanti%20Endpoint%20Manager%20Mobile%20%28EPMM%29%20%2F%20MobileIron%20Core%20Unauthenticated%20API%20Access%20Vulnerability" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_whatsapp" href="https://www.addtoany.com/add_to/whatsapp?linkurl=https%3A%2F%2Funifiedguru.com%2Fcve-2023-35078-ivanti-endpoint-manager-mobile-epmm-mobileiron-core-unauthenticated-api-access-vulnerability%2F&linkname=CVE-2023-35078%3A%20Ivanti%20Endpoint%20Manager%20Mobile%20%28EPMM%29%20%2F%20MobileIron%20Core%20Unauthenticated%20API%20Access%20Vulnerability" title="WhatsApp" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_print" href="https://www.addtoany.com/add_to/print?linkurl=https%3A%2F%2Funifiedguru.com%2Fcve-2023-35078-ivanti-endpoint-manager-mobile-epmm-mobileiron-core-unauthenticated-api-access-vulnerability%2F&linkname=CVE-2023-35078%3A%20Ivanti%20Endpoint%20Manager%20Mobile%20%28EPMM%29%20%2F%20MobileIron%20Core%20Unauthenticated%20API%20Access%20Vulnerability" title="Print" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_google_gmail" href="https://www.addtoany.com/add_to/google_gmail?linkurl=https%3A%2F%2Funifiedguru.com%2Fcve-2023-35078-ivanti-endpoint-manager-mobile-epmm-mobileiron-core-unauthenticated-api-access-vulnerability%2F&linkname=CVE-2023-35078%3A%20Ivanti%20Endpoint%20Manager%20Mobile%20%28EPMM%29%20%2F%20MobileIron%20Core%20Unauthenticated%20API%20Access%20Vulnerability" title="Gmail" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div><div class="mb_supershare_holder"> <div id="openModal" class="mb_supershare_modalDialog"> <div style="background:url(https://unifiedguru.com/wp-content/plugins/super-share/img/struckaxiom.png) repeat;"> <div class="mb_supershare_ribbon"><div class="mb_supershare_ribbon-stitches-top"></div><strong class="mb_supershare_ribbon-content"><span style="font-size: 24px; line-height: 2;"> Love This Article? Spread It. </span></strong><div class="mb_supershare_ribbon-stitches-bottom"></div></div> <div class="mb_supershare_close">X</div> <!-- facebook need this script --> <div id="fb-root"></div> <script>(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "//connect.facebook.net/en_US/all.js#xfbml=1"; fjs.parentNode.insertBefore(js, fjs); }(document, 'script', 'facebook-jssdk'));</script> <div class="social_icons_style" style="width:320px; margin-left:25px; margin-top:20px; margin 0 auto; overflow:visible"> <ul> <li style="overflow:hidden; width: 49px;"> <!-- facebook like button --> <div class="fb-like" data-href="https://unifiedguru.com:443/cve-2023-35078-ivanti-endpoint-manager-mobile-epmm-mobileiron-core-unauthenticated-api-access-vulnerability/" data-width="450" data-height="The pixel height of the plugin" data-colorscheme="light" data-layout="box_count" data-action="like" data-show-faces="false" data-send="false"></div> </li> <li> <!-- G+ button --> <!-- Place this tag where you want the +1 button to render. --> <div class="g-plusone" data-size="tall" data-href=""></div> <!-- Place this tag after the last +1 button tag. --> <script type="text/javascript"> (function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true; po.src = 'https://apis.google.com/js/plusone.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })(); </script> </li> <li> <!-- Twitter button --> <a href="https://twitter.com/share" class="twitter-share-button" data-url="" data-via="" data-lang="en" data-related="anywhereTheJavascriptAPI" data-count="vertical">Tweet</a> <script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="https://platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script> </li> <li> <!-- Linkedin button --> <script src="//platform.linkedin.com/in.js" type="text/javascript"></script> <script type="IN/Share" data-url="" data-counter="top"></script> </li> <li> <!-- StumbleUpon button --> <!-- Place this tag where you want the su badge to render --> <su:badge layout="5" location=""> </su:badge> <!-- Place this snippet wherever appropriate --> <script type="text/javascript"> (function() { var li = document.createElement('script'); li.type = 'text/javascript'; li.async = true; li.src = ('https:' == document.location.protocol ? 'https:' : 'http:') + '//platform.stumbleupon.com/1/widgets.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(li, s); })(); </script> </li> </ul> </div> </div> <!--DIV--> </div> <!--modalDialog--> </div> <!--mb_supershare_holder--> <script> jQuery(document).ready(function($) { $is_closed="no"; jQuery(document).scroll(function() { if(jQuery('article').length){ //For typical wordpress templates $afterpost = jQuery("article").position().top + jQuery("article").height()-(jQuery("article").height()/3); } else { //For Thesis framework $afterpost = jQuery(".content").position().top + jQuery(".post_box").height()-(jQuery(".post_box").height()/3); } if(jQuery(window).scrollTop() >= $afterpost && $is_closed=="no"){ jQuery(".mb_supershare_modalDialog").css({"display":"block"}); jQuery(".mb_supershare_modalDialog").animate({opacity:"1"},1000); } else{ jQuery(".mb_supershare_modalDialog").css({"display":"none"}); } }); jQuery(".mb_supershare_close").bind("click", function() { jQuery(".mb_supershare_modalDialog").fadeOut("slow"); $is_closed="yes"; setTimeout(function() { jQuery(".mb_supershare_modalDialog").css({"display":"none"}); }, 2000); }); }); </script> <script type='text/javascript'> const lazyloadRunObserver = () => { const lazyloadBackgrounds = document.querySelectorAll( `.e-con.e-parent:not(.e-lazyloaded)` ); const lazyloadBackgroundObserver = new IntersectionObserver( ( entries ) => { entries.forEach( ( entry ) => { if ( entry.isIntersecting ) { let lazyloadBackground = entry.target; if( lazyloadBackground ) { lazyloadBackground.classList.add( 'e-lazyloaded' ); } lazyloadBackgroundObserver.unobserve( entry.target ); } }); }, { rootMargin: '200px 0px 200px 0px' } ); lazyloadBackgrounds.forEach( ( lazyloadBackground ) => { lazyloadBackgroundObserver.observe( lazyloadBackground ); } ); }; const events = [ 'DOMContentLoaded', 'elementor/lazyload/observe', ]; events.forEach( ( event ) => { document.addEventListener( event, lazyloadRunObserver ); } ); </script> <script type="text/javascript" src="https://unifiedguru.com/wp-includes/js/dist/hooks.min.js?ver=2810c76e705dd1a53b18" id="wp-hooks-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-includes/js/dist/i18n.min.js?ver=5e580eb46a90c2b997e6" id="wp-i18n-js"></script> <script type="text/javascript" id="wp-i18n-js-after"> /* <![CDATA[ */ wp.i18n.setLocaleData( { 'text direction\u0004ltr': [ 'ltr' ] } ); /* ]]> */ </script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.9.8" id="swv-js"></script> <script type="text/javascript" id="contact-form-7-js-extra"> /* <![CDATA[ */ var wpcf7 = {"api":{"root":"https:\/\/unifiedguru.com\/wp-json\/","namespace":"contact-form-7\/v1"}}; /* ]]> */ </script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.9.8" id="contact-form-7-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/themes/profitmag/js/jquery.bxslider.js?ver=6.6.2" id="bxslider-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/themes/profitmag/js/jquery.ticker.js?ver=6.6.2" id="ticker-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/themes/profitmag/js/jquery.mCustomScrollbar.min.js?ver=1.0.0" id="mCustomScrollbar-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/themes/profitmag/js/jquery.mousewheel.min.js?ver=2.0.19" id="mousewheel-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/themes/profitmag/js/navigation.js?ver=20120206" id="profitmag-navigation-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/themes/profitmag/js/keyboard-navigation.js?ver=20120206" id="profitmag-keyboard-navigation-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/themes/profitmag/js/custom.js?ver=1.0" id="profitmag-custom-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/slidedeck/js/jail.js?ver=5.4.1" id="jail-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/slidedeck/js/jquery-mousewheel/jquery.mousewheel.min.js?ver=3.0.6" id="scrolling-js-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/slidedeck/js/jquery.easing.1.3.js?ver=1.3" id="jquery-easing-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/slidedeck/js/slidedeck.jquery.js?ver=1.4.1" id="slidedeck-library-js-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/slidedeck/js/slidedeck-public.js?ver=5.4.1" id="slidedeck-public-js"></script> <script type="text/javascript" src="https://platform.twitter.com/widgets.js?ver=1316526300" id="twitter-intent-api-js"></script> <script type="text/javascript" id="fifu-json-ld-js-extra"> /* <![CDATA[ */ var fifuJsonLd = {"url":"https:\/\/www.tenable.com\/sites\/default\/files\/styles\/640x360\/public\/images\/articles\/Blog-Research-CEA-0DayWild-Max-Quality_2.jpg?itok=oXFskq0n"}; /* ]]> */ </script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/featured-image-from-url/includes/html/js/json-ld.js?ver=4.9.1" id="fifu-json-ld-js"></script> <script type="text/javascript"> var slideDeck2URLPath = "https://unifiedguru.com/wp-content/plugins/slidedeck"; var slideDeck2iframeByDefault = false; </script> </body> </html>