Pierluigi Paganini
July 30, 2023
Ivanti disclosed a new security vulnerability impacting Endpoint Manager Mobile (EPMM), tracked as CVE-2023-35081 (CVSS score: 7.8), that was exploited in the wild as part of an exploit chain by threat actors.
“A vulnerability has been discovered in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core.” reads the advisory published by the company. “CVE-2023-35081 enables an authenticated administrator to perform arbitrary file writes to the EPMM server.”
The company states that an attacker can chain this vulnerability with CVE-2023-35078 to bypass administrator authentication and ACLs restrictions (if applicable).
“Successful exploitation can be used to write malicious files to the appliance, ultimately allowing a malicious actor to execute OS commands on the appliance as the tomcat user.” continues the advisory. “As of now we are only aware of the same limited number of customers impacted by CVE-2023-35078 as being impacted by CVE-2023-35081.”
The flaw impacts supported versions 11.10, 11.9, and 11.8, older versions/releases are also at risk.
This week US Cybersecurity and Infrastructure Security Agency (CISA) added actively exploited Ivanti ‘s Endpoint Manager Mobile (EPMM) vulnerability, tracked as CVE-2023-35078, to its Known Exploited Vulnerabilities Catalog.
The vulnerability is an authentication bypass issue impacting Ivanti Endpoint Manager Mobile (EPMM) mobile device management software (formerly MobileIron Core).
An unauthorized user can exploit the flaw to access restricted functionality or resources of the application without proper authentication.
The zero-day vulnerability was exploited by threat actors in recent attacks against the ICT platform used by twelve ministries of the Norwegian government.
CISA orders federal agencies to fix this flaw by August 15, 2023.
Follow me on Twitter: @securityaffairs Facebook and Mastodon
(SecurityAffairs – hacking, Ivanti)
