Ivanti Releases Fixes for Vulnerability Exploited in Attack on Norwegian Government Systems
Ivanti has released fixes to address a critical authentication bypass vulnerability that affects all supported versions of its endpoint management platform. Ivanti has acknowledged that the flaw is being actively exploited and urges users to update to the most recent versions of Ivanti Endpoint Manager Mobile. The flaw was exploited in a cyberattack that affected networks at a dozen Norwegian government ministries. The US Cybersecurity and Infrastructure Security Agency (CISA) added the Ivanti flaw to its Known Exploited Vulnerabilities catalog on July 25.
CVE-2023-35078, a remote authentication bypass, gets a (perfect) CVSS score of 10. This flaw affects all supported versions of Ivanti EPMM (formerly MobileIron Core) as well as older unsupported ones. The reason you may not have heard of the connection to the attack on the Norwegian government sites is that information was being held back until Ivanti had released the patch. Ivanti is also actively engaging with customers to get the patch applied and to help investigate compromises where needed. If you're an Ivanti site, make sure not only that you're running a supported, patched version but also that you're following their latest security guidance.
Ivanti’s Endpoint Manager Mobile (formerly MobileIron) has a 37% market share in the mobile device management market. That’s a sizeable target market for evil-doers. Heed the vendor advice: download and install the patch now.
Read more in
Gov Infosecurity: Ivanti Zero-Day Used in Norway Government Breach
Bleeping Computer: CISA warns govt agencies to patch Ivanti bug exploited in attacks