Ivanti Mobile Management Software Zero-Day Under Active Attack

Organizations using the Ivanti EPMM mobile management software must update their systems immediately as hackers have started exploiting a zero-day vulnerability.

Ivanti Mobile Management Software Zero-Day

According to a recent advisory from Ivanti, the vendor has detected active exploitation of a zero-day vulnerability in its Endpoint Manager Mobile (EPMM) mobile management software, formerly called “MobileIron Core”.

As stated, the vulnerability, CVE-2023-35078, is an authentication bypass flaw that allows an unauthenticated, remote adversary to infiltrate target servers and access the stored PII and other restricted functionality. The flaw has received a CVSS score of 10.0.

Ivanti confirms that the vulnerability affects all existing EPMM versions (Version 11.4 releases 11.10, 11.9, and 11.8, and older, including the EOL versions). Thus, it urges users to upgrade to the latest patched release.

Norway’s NSM Confirmed Suffering The EPMM Exploit Impact

As stated in the advisory, Ivanti noticed that a “limited number of customers” have suffered the impact of the exploitation. However, things do not seem as trivial as the advisory suggests, since the impacted customers have started disclosing the impact they suffered.

The latest disclosure comes from the Norwegian National Security Authority (NSM). First, the NSM confirmed facing a cyberattack against the Department’s Security and Service Organization (DSS) due to a zero-day exploitation of software they used. While the organization initially hesitated to disclose the name of the software, the recent update confirmed that the incident happened due to the exploitation of CVE-2023-35078.

Besides confirming the exploit, NSM stated that the software update closed the vulnerability, indicating that the patch works. NSM also urged all known customers of the software to update their systems immediately to avoid potential threats.

At the time of writing this story, Norwegian NSM remains the only Ivanti EPMM customer to have disclosed the impact. Yet, given how quickly such exploitations turn into devastating supply-chain attacks, as happened with the recent MOVEit incident, expect a growing list of Ivanti zero-day victims too.
