Patches Released to Fix Actively Exploited Flaw in Ivanti Endpoint Mobile Manager
Ivanti has released patches to fix a maximum-severity zero-day vulnerability in its Endpoint Mobile Manager (EPMM) mobile device management solution (formerly MobileIron Core). The vulnerability is tracked as CVE-2023-35078 and is an authentication bypass vulnerability with a CVSS score of 10. Successful exploitation of the vulnerability will allow an unauthorized user to access restricted functionality or resources of the application, gain access to sensitive user data, and potentially make limited changes to the server.
Ivanti said the vulnerability affects all supported versions of its EPMM solution (11.10, 11.9, and 11.8) as well as older versions, although the patches have only been released for supported versions. Evidence has been found that indicates the vulnerability has already been exploited in attacks, although the extent to which the vulnerability is being exploited is unclear. The Norwegian government is believed to be one of the victims. Hackers allegedly exploited the flaw to compromise 12 government ministries in the country.
According to security researcher Kevin Beaumont, the flaw is very easy to exploit, and given the severity of the flaw and known active exploitation, immediate patching is strongly recommended. Beaumont recommended that anyone still using an unsupported version that has reached end-of-life should switch off the appliance until an upgrade to a supported version is possible. The updated EPMM versions with the patch applied are EPMM 11.8.11, 11.9.11, and 11.10.02. More than 2,000 MobileIron user portals are exposed to the Internet and are potentially able to be exploited, most of which are located in the United States.
