Ivanti Releases Urgent Patch for EPMM Zero-Day Vulnerability Under Active Exploitation

Ivanti warns users to update their Endpoint Manager Mobile (EPMM) mobile device management software (formerly MobileIron Core) to the latest version which fixes the actively exploited zero-day vulnerability.

nicknamed CVE-2023-35078, this issue is described as an unauthenticated remote API access vulnerability that impacts the currently supported 11.4 releases 11.10, 11.9, and 11.8 and earlier releases. It has a maximum severity rating of 10 on the CVSS scale.

“Authentication bypass vulnerability in Ivanti EPMM allowed unauthorized users to access limited functionality or application resources without proper authentication,” the company said. said in brief advice.

“If exploited, this vulnerability allows an unauthorized, remote (internet-facing) actor to potentially access a user’s personally identifiable information and make restricted changes to servers.”

The US Cybersecurity and Infrastructure Security Agency (CISA) said adversaries with access to API lines could exploit them to obtain personally identifiable information (PII) such as names, phone numbers and other mobile device details for users on vulnerable systems.

“An attacker can also make other configuration changes, including creating an EPMM administrative account that can make further changes to vulnerable systems,” CISA added.

The Utah-based IT software company further said it was aware of active exploitation of the bug against a “very limited number of customers” but did not disclose additional details about the nature of the attack or the identity of the threat actor behind it.

Therefore, the Norwegian National Security Authority (NSM) has since confirmed that the zero-day vulnerability was exploited by an unknown threat actor to target Security and Government Services Organizations (DSS).

A patch for this issue is available in versions 11.8.1.1, 11.9.1.1, and 11.10.0.2, according to to security researcher Kevin Beaumont.