Patch now! Ivanti Endpoint Manager Mobile Authentication vulnerability used in the wild
Categories: Exploits and vulnerabilities, News
Tags: Norwegian ministries, ivanti, EPMM, MobileIron, CVE-2023-35078, patch
A patch is now available for an Ivanti EPMM vulnerability that was used in a cyberattack on the ICT platform which is relied upon by a dozen Norwegian ministries.
The post Patch now! Ivanti Endpoint Manager Mobile Authentication vulnerability used in the wild appeared first on Malwarebytes Labs.
The Cybersecurity and Infrastructure Security Agency (CISA) added one new vulnerability to its Known Exploited Vulnerabilities Catalog affecting Ivanti Endpoint Manager Mobile, based on evidence of active exploitation. All Federal Civilian Executive Branch (FCEB) agencies must remediate this vulnerability by August 15, 2023 to protect their networks against active threats.
We urge everyone else to take this vulnerability seriously and to patch as soon as possible, since the vulnerability was used in a cyberattack on the ICT platform which is relied upon by 12 Norwegian ministries.
The vulnerability exists in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core, and impacts all supported versions as well as unsupported and end-of-life releases. Ivanti EPMM is a mobile management software engine that enables IT to set policies for mobile devices, applications, and content. The affected Norwegian ministries used it to manage mobile devices used by government employees and grant remote access to government systems and applications.
The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVE assigned to this vulnerability is:
CVE-2023-35078 (CVSS score 10 out of 10): Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, allows remote attackers to obtain Personally Identifiable Information (PII), add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild.
Ivanti has made a patch available for supported version 11.4 releases 11.10, 11.9 and 11.8 and recommends that you immediately take action to ensure you are fully protected. Customers can find the detailed information and how to access and apply the remediations in Ivanti’s Knowledge Base article (login required).
The vulnerability was discovered in Norway as a result of an investigation into a cyberattack on the ICT platform used by 12 ministries. The Norwegian National Security Authority (NSM) and the Norwegian Government Security and Service Organization (DSS) found the vulnerability but chose not to disclose any details until a patch was available.
In a statement, Erik Hope, Director General of the Norwegian Government Security and Service Organisation (DSS) said:
“We have detected a previously unknown vulnerability in one of our suppliers’ software. This vulnerability has been exploited by an unknown third party. This vulnerability has now been fixed. It is still too early to say anything about who is behind the attack or the extent of the attack. Our investigations and the police investigations will provide more answers.”
On its site, Ivanti describes the vulnerability as an authentication bypass vulnerability in Ivanti EPMM that allows unauthorized users to access restricted functionality or resources of the application without proper authentication. According to Ivanti, the vulnerability was used against “a very limited number of customers.”
According to a Shodan scan posted by BleepingComputer, more than 2,900 MobileIron user portals are presently exposed online, of which around three dozen are linked with US local and state government agencies.
It is strongly advised that all network admins apply the Ivanti Endpoint Manager Mobile (MobileIron) patches as soon as possible. If this is not possible at short notice or you are using an unsupported version, you should restrict access to the platform as much as possible.
Related news
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core to its Known Exploited Vulnerabilities (KEV) catalog, stating it's being actively exploited in the wild. The vulnerability in question is CVE-2023-35082 (CVSS score: 9.8), an authentication bypass
Ivanti has released security updates to address a critical flaw impacting its Endpoint Manager (EPM) solution that, if successfully exploited, could result in remote code execution (RCE) on susceptible servers. Tracked as CVE-2023-39336, the vulnerability has been rated 9.6 out of 10 on the CVSS scoring system. The shortcoming impacts EPM 2021 and EPM 2022 prior to SU5. “If exploited, an
Categories: Exploits and vulnerabilities, News. Tags: Ivanti, Sentry, MobileIron, CVE-2023-38035, MICS, port 8443. There is some uncertainty about whether a vulnerability in Ivanti Sentry is being exploited in the wild, but why take the risk when you can patch? The post Ivanti Sentry critical vulnerability—don't play dice, patch appeared first on Malwarebytes Labs.
Software services provider Ivanti is warning of a new critical zero-day flaw impacting Ivanti Sentry (formerly MobileIron Sentry) that it said is being actively exploited in the wild, marking an escalation of its security woes. Tracked as CVE-2023-38035 (CVSS score: 9.8), the issue has been described as a case of authentication bypass impacting versions 9.18 and prior due to what it called an
Cybersecurity researchers have discovered a bypass for a recently fixed actively exploited vulnerability in some versions of Ivanti Endpoint Manager Mobile (EPMM), prompting Ivanti to urge users to update to the latest version of the software. Tracked as CVE-2023-35082 (CVSS score: 10.0) and discovered by Rapid7, the issue "allows unauthenticated attackers to access the API in older unsupported
Categories: Exploits and vulnerabilities, News. Tags: Ivanti, EPMM, MobileIron, CVE-2023-35081, CVE-2023-35078, tomcat, arbitrary file write, ACL, upgrade. Ivanti has issued a patch to address a second critical zero-day vulnerability. The post Ivanti patches second zero-day vulnerability being used in attacks appeared first on Malwarebytes Labs.
Advanced persistent threat (APT) actors exploited a recently disclosed critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) as a zero-day since at least April 2023 in attacks directed against Norwegian entities, including a government network. The disclosure comes as part of a new joint advisory released by the Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian
Ivanti has disclosed yet another security flaw impacting Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core, that it said has been weaponized as part of an exploit chain by malicious actors in the wild. The new vulnerability, tracked as CVE-2023-35081 (CVSS score: 7.8), impacts supported versions 11.10, 11.9, and 11.8, as well as those that are currently end-of-life (EoL). "
Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.
Ivanti is warning users to update their Endpoint Manager Mobile (EPMM) mobile device management software (formerly MobileIron Core) to the latest version that fixes an actively exploited zero-day vulnerability. Dubbed CVE-2023-35078, the issue has been described as a remote unauthenticated API access vulnerability that impacts currently supported version 11.4 releases 11.10, 11.9, and 11.8 as