Days after details of a severe zero-day vulnerability in Ivanti's mobile management software surfaced online, the vendor has warned of another zero-day flaw affecting EPMM. Users should patch their systems with the latest updates as soon as possible to avoid damage.
Second Ivanti Zero-Day Found Actively Exploited
According to a recent alert from Ivanti, the vendor has spotted another actively exploited zero-day vulnerability in its EPMM software.
According to the alert, the vulnerability, CVE-2023-35081, is a severe (CVSS 7.2) path traversal vulnerability that allows arbitrary file write. Exploiting the flaw allows an authenticated attacker to bypass admin authentication and ACL restrictions and execute OS commands.
The vendor elaborates that this vulnerability differs from the recently reported CVE-2023-35078 zero-day, but an attacker may chain the two flaws for malicious purposes.
Ivanti confirmed detecting active exploitation of the flaw, which affects all supported EPMM releases (11.10, 11.9, 11.8) as well as older versions. The exploits reportedly affected the same limited number of customers that were impacted by the CVE-2023-35078 exploits.
It remains unclear whether the attackers actually chained the two vulnerabilities in real-world attacks. If they did, the extent of the damage may be higher than predicted earlier. Nonetheless, as clarified in its support article, the firm has ruled out the possibility of a supply-chain attack.
Patch Released
Upon detecting the vulnerability, Ivanti released the patch with EPMM 11.8.1.2, 11.9.1.2, and 11.10.0.3, urging users to update.
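To check an inventory against the patched releases listed above, the following added example (not Ivanti's code) triages EPMM version strings for CVE-2023-35081 exposure. It assumes versions are reported as plain dotted numbers; the hostnames and the function names are made up for illustration. Versions are compared as integers because a string comparison would sort 11.10 before 11.9.

```python
# Added example: triage EPMM versions against the releases named in this article.
# FIXED maps each supported branch to its first patched build (taken from the article).
FIXED = {(11, 8): (11, 8, 1, 2), (11, 9): (11, 9, 1, 2), (11, 10): (11, 10, 0, 3)}
OLDEST_SUPPORTED = min(FIXED)  # (11, 8)


def parse_version(text):
    """Turn '11.9.1.2' into a 4-part integer tuple, padding short versions with zeros."""
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric EPMM version: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (4 - len(nums))


def triage(version_text):
    """Classify one version string for CVE-2023-35081 exposure."""
    version = parse_version(version_text)
    branch = version[:2]
    if branch in FIXED:
        if version >= FIXED[branch]:
            return "patched"
        return "vulnerable: update to " + ".".join(map(str, FIXED[branch]))
    if branch < OLDEST_SUPPORTED:
        # The article says older versions are affected and names no fix for them.
        return "vulnerable: unsupported branch, move to a patched release"
    # Branch newer than any release the article names: do not guess.
    return "unknown: check the vendor advisory"


def report(inventory):
    """Map each host to its triage result."""
    return {host: triage(version) for host, version in inventory.items()}


# Constructed sample inventory (hostnames and installed versions are made up).
INVENTORY = {
    "mdm-core-01": "11.10.0.2",
    "mdm-core-02": "11.9.1.2",
    "mdm-legacy": "11.7.0.0",
}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```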
EPMM (Endpoint Manager Mobile), formerly MobileIron Core, is Ivanti's mobile management software engine, which IT personnel use to configure policies for mobile applications, mobile devices, and mobile content management.
Recently, Ivanti EPMM made the news for an actively exploited zero-day that was even used to target the Norwegian National Security Authority.
While Ivanti initially hesitated to disclose that flaw publicly, it eventually admitted the issue and shared details as the matter drew attention. This time, however, the vendor has gone straight to public disclosure of the second zero-day and confirmed the patch release as well.
Hence, all EPMM users must update their systems to the latest software releases. Moreover, users should closely monitor their systems for any signs of breaches and intrusions to mitigate potential threats.