CISA adds Ivanti EPMM flaw to its Known Exploited Vulnerabilities catalog

cisa Known Exploited Vulnerabilities RESURGE

US CISA added actively exploited Ivanti ‘s Endpoint Manager Mobile (EPMM) vulnerability to its Known Exploited Vulnerabilities catalog.

US Cybersecurity and Infrastructure Security Agency (CISA) added actively exploited Ivanti ‘s Endpoint Manager Mobile (EPMM) vulnerability, tracked as CVE-2023-35078, to its Known Exploited Vulnerabilities Catalog.

The vulnerability is an authentication bypass issue impacting Ivanti Endpoint Manager Mobile (EPMM) mobile device management software (formerly MobileIron Core).

An unauthorized user can exploit the flaw to access restricted functionality or resources of the application without proper authentication.

“If exploited, this vulnerability enables an unauthorized, remote (internet-facing) actor to potentially access users’ personally identifiable information and make limited changes to the server.” reads the advisory published by the software firm. “We have received information from a credible source indicating exploitation has occurred. We continue to work with our customers and partners to investigate this situation.”

This vulnerability impacts all supported versions (Version 11.4 releases 11.10, 11.9 and 11.8), but the company pointed out that older versions/releases are also at risk.

The IT software giant addressed the flaw this week with the release of EPMM 11.8.1.1, 11.9.1.1, and 11.10.0.2 patches.

Ivanti confirmed that the vulnerability is critical and urges customers to immediately address it.

“It’s a serious zero day vulnerability which is very easy to exploit, where Ivanti are trying to hide it for some reason – this will get mass internet swept. I’d strongly recommend upgrading, and if you can’t get off EOL, switch off the appliance.” wrote the popular researchers Kevin Beaumont on Mastodon.

The zero-day vulnerability was exploited by threat actors in recent attacks against the ICT platform used by twelve ministries of the Norwegian government.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix this flaw by August 15, 2023.

Follow me on Twitter: @securityaffairs Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Ivanti)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.