Ivanti issues immediate patch for EPMM zero-day vulnerability under active exploit

Ivanti is warning users to update its Endpoint Manager Mobile (EPMM) mobile device management software (formerly MobileIron Core) to the latest version that fixes an actively exploited zero-day vulnerability.

by Vikash Kumawat
Published: Updated: 0 comments 193 views 0 minutes read

The issue, named CVE-2023-35078, is described as a remote unauthenticated API access vulnerability that affects currently supported versions 11.4 releases 11.10, 11.9 and 11.8, as well as older releases. It has a maximum severity rating of 10 on the CVSS scale.

“An authentication bypass vulnerability in Ivanti EPMM allows unauthenticated users to access restricted functionality or resources of the application without proper authentication,” the company said in a brief advisory.

“If exploited, this vulnerability enables an unauthenticated, remote (Internet-facing) actor to potentially access users’ personally identifiable information and make limited changes to the server.”

The US Cyber Security and Infrastructure Security Agency (CISA) said that an adversary with access to API paths could exploit them to obtain personally identifiable information (PII) such as names, phone numbers and other mobile device details for users on vulnerable systems.

“An attacker could also make other configuration changes, including creating an EPMM administrative account, which could make further changes to a vulnerable system,” CISA said.

The Utah-based IT software firm further said it is aware of active exploitation of the bug against a “very limited number of customers,” but did not disclose additional details about the nature of the attacks or the identity of the threat actor behind them.

Having said that, the Norwegian National Security Authority (NSM) has confirmed that the zero-day vulnerability was exploited by unknown threat actors to target the Organization for Government Security and Services (DSS).

According to security researcher Kevin Beaumont, patches for the problem have been made available in versions 11.8.1.1, 11.9.1.1 and 11.10.0.2.

You may also like

Leave a Comment

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

-
00:00
00:00
Update Required Flash plugin
-
00:00
00:00