Third Ivanti Vulnerability Exploited in the Wild, CISA Reports

Though reports say this latest Ivanti bug is being exploited, it's unclear exactly how threat actors are using it.

A bunch of green binary code with a keyhole filled with red binary code
Source: Elena11 via Shutterstock

A critical vulnerability affecting Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2023-35082, has been added to CISA's Known Exploited Vulnerabilities (KEV) Catalog.

The vulnerability has a CVSS score of 9.8 and is an authentication bypass that functions as a patch bypass for another vulnerability, CVE-2023-35078, with the highest CVSS score of 10. That vulnerability was exploited in the wild in April 2023 in cyberattacks against the Norwegian government.

According to Rapid7, a cybersecurity firm that discovered and reported the vulnerability, CVE-2023-35082 can be chained together with CVE-2023-35081 to allow a threat actor to write malicious Web shell files, though it is unknown how these vulnerabilities are being exploited in the wild.

All versions of Invanti Endpoint Manager are at risk of being compromised, including 11.10, 11.9, 11.8, and MobileIron Core 11.7. It's recommended that federal agencies apply patches by the first week of February.

This vulnerability comes just days after Ivanti researchers reported two other zero-day vulnerabilities — CVE-2023-46805 and CVE-2024-21887 — that are actively being exploited. Ivanti is providing mitigation resources for these flaws and reported that it will be released patches in a staggered approach on Jan. 22 and Feb. 19. 

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights