Ivanti Patches 0-Day Vulnerability in Endpoint Manager Mobile

Ivanti, an IT software company, has released a security update for its product Endpoint Manager Mobile (EPMM), formerly known as Mobile Core. The update addresses a vulnerability that allowed attackers to bypass authentication and gain access to customer information [source].

A critical vulnerability, tracked as CVE-2023-35078 (CVSS 10.0), was discovered and actively exploited by attackers against a small number of Ivanti’s clients. According to the company’s security bulletin [source], Ivanti received information about the incidents from a reliable source and states that the vulnerability was not introduced maliciously.

“The IVANTI EPMM authentication vulnerability allows unauthorized users to access limited functions or application resources without proper authentication,” states the company’s security team.

“This vulnerability affects all supported versions (11.10, 11.9, and 11.8), as well as older versions. An unauthorized remote attacker can access personal identifying user information and modify the server.”

Ivanti released security patches on Sunday to address CVE-2023-35078. The patches can be installed by updating EPMM to version 11.8.1.1, 11.9.1.1, or 11.10.0.2. They are also available for unsupported versions below 11.8.1.0 (e.g., 11.7.0.0, 11.5.0.0).

According to a Shodan search conducted by cybersecurity consultant Daniel Card of PwnDefend, over 2900 MobileIron portals are reachable from the internet, with dozens associated with local and state authorities in the United States. The majority of exposed servers are located in the USA, Germany, Great Britain, and Hong Kong.

Yesterday, we reported on the large-scale hacking of 12 Norwegian ministries, which was made possible by an “unknown vulnerability in the software of one of the suppliers,” according to Eric Hope, the head of the government
