CISA Issues Warning: Critical Vulnerabilities in Ivanti’s Endpoint Manager Mobile

The US Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian National Cyber Security Centre (NCSC-NO) have jointly issued a cybersecurity advisory in light of the active exploitation of two vulnerabilities in Ivanti’s Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core.


The vulnerabilities, tracked as CVE-2023-35078 and CVE-2023-35081, pose a significant risk to organizations using the mobile device management software. Cybercriminals have been observed exploiting these flaws to bypass administrator authentication and gain unauthorized access to sensitive resources, potentially allowing them to execute malicious OS commands on affected systems.

Vulnerability Details

The first vulnerability, CVE-2023-35078, was addressed by Ivanti with a patch released on July 23, 2023. However, the company later discovered that it could be used in conjunction with the second vulnerability, CVE-2023-35081, in a vulnerability-chaining attack. Chaining the two lets attackers bypass administrator authentication and ACL restrictions (if applicable), enabling them to write malicious files to the appliance and execute OS commands as the tomcat user.

The vulnerability affects versions 11.10, 11.9, and 11.8 of Ivanti’s Endpoint Manager Mobile, with older versions also at risk. The potential for widespread exploitation of these vulnerabilities in government and private sector networks poses a significant threat to data security and sensitive information.

CISA Prompt Action

In response to the security advisory, CISA has issued Binding Operational Directive (BOD) 22-01, ordering federal agencies to address the identified vulnerabilities by August 21, 2023. The directive aims to mitigate risks and protect government networks from potential attacks exploiting known flaws.

Moreover, CISA and NCSC-NO also warn that mobile device management (MDM) systems are attractive targets for threat actors, as compromising them gives elevated access to thousands of mobile devices. Recent attacks against the Norwegian government’s ICT platform, used by twelve ministries, exploited the zero-day vulnerability to gain unauthorized access and carry out malicious activities.

Private organizations are also urged to review the Known Exploited Vulnerabilities Catalog and address any identified vulnerabilities in their infrastructure. Taking proactive measures to address security gaps can prevent unauthorized access and potential data breaches.
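One way to act on this advice, shown as an added example that is not from CISA, Ivanti or the original article: match open vulnerability-scanner findings against the KEV catalog and rank them by remediation due date. The catalog excerpt, host names and findings are constructed sample data; the field names follow the KEV JSON feed, and the due date is the one stated in this article.

```python
import json
from datetime import date

# Constructed excerpt shaped like CISA's KEV JSON feed; the due date is the
# one given in this article, not a value copied from the live catalog.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2023-35078", "vendorProject": "Ivanti",
   "product": "Endpoint Manager Mobile (EPMM)", "dueDate": "2023-08-21"},
  {"cveID": "CVE-2023-35081", "vendorProject": "Ivanti",
   "product": "Endpoint Manager Mobile (EPMM)", "dueDate": "2023-08-21"}
]}
""")

# Constructed scanner output (hypothetical hosts): unremediated CVEs per asset.
FINDINGS = [
    {"host": "mdm-01.example.internal",
     "open_cves": ["CVE-2023-35078", "cve-2023-35081"]},
    {"host": "mdm-02.example.internal", "open_cves": ["CVE-2023-35081"]},
    {"host": "web-07.example.internal", "open_cves": ["CVE-0000-00000"]},  # placeholder, not in KEV
]

def index_kev(catalog):
    """Map CVE id -> due date, skipping malformed catalog entries."""
    index = {}
    for entry in catalog.get("vulnerabilities", []):
        try:
            index[entry["cveID"].upper()] = date.fromisoformat(entry["dueDate"])
        except (KeyError, ValueError, TypeError, AttributeError):
            continue
    return index

def kev_exposure(catalog, findings, today):
    """Return (host, cve, due_date, days_left) for each open KEV-listed CVE,
    most urgent first; a negative days_left means the due date has passed."""
    kev = index_kev(catalog)
    rows = []
    for asset in findings:
        for cve in asset.get("open_cves", []):
            due = kev.get(cve.upper())
            if due is not None:
                rows.append((asset["host"], cve.upper(), due, (due - today).days))
    return sorted(rows, key=lambda r: (r[3], r[0], r[1]))

if __name__ == "__main__":
    for host, cve, due, left in kev_exposure(KEV_SAMPLE, FINDINGS, date(2023, 8, 25)):
        state = f"OVERDUE by {-left}d" if left < 0 else f"{left}d left"
        print(f"{host:26} {cve:16} due {due}  {state}")
```

In practice the catalog would be loaded from a locally saved copy of the KEV feed instead of the inline sample, and the findings from the organization's own scanner export.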
