Ivanti Releases Urgent Patch for EPMM Zero-Day Vulnerability Under Active Exploitation


Ivanti is warning users to update their Endpoint Manager Mobile (EPMM) mobile device management software (formerly MobileIron Core) to the latest version, which fixes an actively exploited zero-day vulnerability.

Tracked as CVE-2023-35078, the issue is described as an unauthenticated remote API access vulnerability that impacts currently supported version 11.4 releases 11.10, 11.9, and 11.8, as well as earlier releases. It has the maximum severity rating of 10 on the CVSS scale.

“Authentication bypass vulnerability in Ivanti EPMM allowed unauthorized users to access limited functionality or application resources without proper authentication,” the company said in a brief advisory.

“If exploited, this vulnerability allows an unauthorized, remote (internet-facing) actor to potentially access a user’s personally identifiable information and make restricted changes to servers.”

The US Cybersecurity and Infrastructure Security Agency (CISA) said an adversary with access to the API paths could exploit them to obtain personally identifiable information (PII), such as names, phone numbers, and other mobile device details, for users on vulnerable systems.


“An attacker can also make other configuration changes, including creating an EPMM administrative account that can make further changes to vulnerable systems,” CISA added.

The Utah-based IT software company further said it was aware of active exploitation of the bug against a “very limited number of customers” but did not disclose additional details about the nature of the attack or the identity of the threat actor behind it.

However, the Norwegian National Security Authority (NSM) has since confirmed that the zero-day vulnerability was exploited by an unknown threat actor to target Security and Government Services Organizations (DSS).

A patch for this issue is available in versions,, and, according to security researcher Kevin Beaumont.
