Ivanti Discloses Another Maximum Severity Endpoint Manager Mobile Vulnerability
Ivanti has disclosed another maximum-severity vulnerability in its Endpoint Manager Mobile (EPMM) solution (formerly MobileIron Core). The vulnerability is tracked as CVE-2023-35082, has a maximum CVSS v3.1 severity score of 10, and affects MobileIron Core 11.2 and older versions. The vulnerability is described as a remote unauthenticated API access issue that allows unauthorized users to access restricted resources without authentication, potentially allowing attackers to steal users’ personally identifiable information and make limited changes to the server. Ivanti said it does not believe the flaw has been exploited in the wild.
Since MobileIron 11.2 reached end-of-support on March 15, 2022, a patch will not be released to fix the flaw. The only way of remediating the vulnerability is to upgrade to the latest version of Ivanti EPMM. Ivanti confirmed that the latest vulnerability does not affect any version of Ivanti Endpoint Manager or MobileIron Core 11.3 and above, or Ivanti Neurons for MDM.
The vulnerability was identified by Stephen Fewer, a Rapid7 security researcher, and is linked to the recently disclosed maximum-severity zero-day vulnerability – CVE-2023-35078 – that was exploited in an attack on the Norwegian government and other entities. The CVE-2023-35078 vulnerability is an authentication bypass issue that can be chained with another vulnerability, CVE-2023-35081, to gain administrative privileges on compromised systems. Ivanti released a patch for CVE-2023-35078 on July 23, 2023, and a patch for CVE-2023-35081 was released on July 28, 2023.
On August 1, 2023, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed that advanced persistent threat actors have been chaining the CVE-2023-35078 and CVE-2023-35081 vulnerabilities to gain privileged access to EPMM systems and have been deploying web shells on compromised systems. The flaws have been exploited from at least April 2023 through to July 2023 in a cyber espionage campaign that saw the networks of several Norwegian government entities compromised. CISA and the Norwegian National Cyber Security Centre (NCSC-NO) expressed concern that the vulnerabilities could be exploited in widespread attacks on government and private sector networks. Indicators of compromise (IOCs) and the threat actor’s tactics, techniques, and procedures (TTPs) have been shared by CISA, and users of vulnerable EPMM versions have been advised to update to the latest version as soon as possible.


