Ivanti Mobile Management Software Zero-Day Under Active Attack

by Abeerah Hashim July 27, 2023

written by Abeerah Hashim July 27, 2023

Ivanti patches another vulnerability, while the attackers exploit the former one.

Organizations using the Ivanti EPMM mobile management software must update their systems immediately as hackers have started exploiting a zero-day vulnerability.

Ivanti Mobile Management Software Zero-Day

According to a recent advisory from Ivanti, the vendors have detected active exploitation of a zero-day vulnerability in their Endpoint Manager Mobile (EPMM) (formerly called “MobileIron Core”) mobile management software.

As stated, the vulnerability, CVE-2023-35078, is an authentication bypass flaw that allows an unauthenticated, remote adversary to infiltrate target servers and access the stored PII data and other restricted functionalities. The flaw has received a CVSS 10.0.

Ivanti confirms that the vulnerability affects all existing EPMM versions (Version 11.4 releases 11.10, 11.9, and 11.8, and older, including the EOL versions). Thus, it urges users to upgrade to the latest patched release to receive the patch.

Norway’s NSM Confirmed Suffering The EPMM Exploit Impact

As stated in the advisory, Ivanti noticed a “limited number of customers” to have suffered the impact following the exploitation. However, things do not seem as trivial as the advisory suggests since the impacted customers have started disclosing the impact they suffered.

The latest disclosure comes from the Norwegian National Security Authority (NSM). First, the NSM confirmed facing a cyberattack against the Department’s Security and Service Organization (DSS) due to a zero-day exploitation of software they used. While the organization initially hesitated to disclose the name of the software, the recent update confirmed that the incident happened due to the exploitation of CVE-2023-35078.

Besides confirming the exploit, NSM confirmed that the software update closed the vulnerability, confirming that the patch works. NSM also urged all known software customers to update their systems immediately to avoid potential threats.

Until the time of writing this story, Norwegian NSM remains the only Ivanti EPMM customer to have disclosed the impact. Yet, given how such exploitations quickly turn into devastating supply-chain attacks, as happened with the recent MOVEit incident, expect a growing list of Ivanti zero-day affectees too.

Let us know your thoughts in the comments.

Ivanti cyberattack Ivanti Endpoint Manager Mobile Ivanti Endpoint Manager Mobile vulnerability Ivanti Endpoint Manager Mobile zero-day Ivanti EPMM Ivanti EPMM vulnerability Ivanti EPMM zero-day Ivanti MobileIron Core Ivanti MobileIron Core vulnerability Ivanti MobileIron Core zero-day Ivanti supply-chain attack supply-chain attack vulnerability zero day vulnerability

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Ivanti Mobile Management Software Zero-Day Under Active Attack

Ivanti Mobile Management Software Zero-Day

Norway’s NSM Confirmed Suffering The EPMM Exploit Impact

Flipper Zero Launched “Apps Hub” As A Third-Party App Store

Fake Games Deliver Redline, Realst Malware On Windows and Mac

You may also like