Third Ivanti Vulnerability Exploited in the Wild, CISA Reports
Though reports say this latest Ivanti bug is being exploited, it's unclear exactly how threat actors are using it.
January 19, 2024
A critical vulnerability affecting Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2023-35082, has been added to CISA's Known Exploited Vulnerabilities (KEV) Catalog.
The vulnerability has a CVSS score of 9.8 and is an authentication bypass that functions as a patch bypass for another vulnerability, CVE-2023-35078, with the highest CVSS score of 10. That vulnerability was exploited in the wild in April 2023 in cyberattacks against the Norwegian government.
According to Rapid7, a cybersecurity firm that discovered and reported the vulnerability, CVE-2023-35082 can be chained together with CVE-2023-35081 to allow a threat actor to write malicious Web shell files, though it is unknown how these vulnerabilities are being exploited in the wild.
All versions of Invanti Endpoint Manager are at risk of being compromised, including 11.10, 11.9, 11.8, and MobileIron Core 11.7. It's recommended that federal agencies apply patches by the first week of February.
This vulnerability comes just days after Ivanti researchers reported two other zero-day vulnerabilities — CVE-2023-46805 and CVE-2024-21887 — that are actively being exploited. Ivanti is providing mitigation resources for these flaws and reported that it will be released patches in a staggered approach on Jan. 22 and Feb. 19.
About the Author(s)
You May Also Like
Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024Finding Your Way on the Path to Zero Trust
May 22, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024