Critical Zero-Day Exploit Targeting Ivanti EPMM Software – Norwegian Government Affected
A critical zero-day vulnerability has been identified in Ivanti’s Endpoint Manager Mobile (EPMM) software, formerly known as MobileIron Core, leading to a cyberattack on the Norwegian government.
This news item delves into the details of the exploit, its impact on government ministries, and the response from Ivanti and cybersecurity agencies.
Additionally, we highlight key takeaways for organizations to protect themselves from potential cyber threats.
Key Takeaways on Critical Zero-Day Exploit Targeting Ivanti EPMM Software – Norwegian Government Affected:
- Ivanti EPMM software has been targeted in a zero-day exploit, impacting the Norwegian government.
- The vulnerability, CVE-2023-35078, allows remote attackers to potentially access users’ personally identifiable information and make limited changes to the server.
- Organizations using Ivanti software should urgently install the released patch to safeguard against exploitation.
Attack on Norwegian Government Linked to Exploited Ivanti Zero-Day Vulnerability
Norwegian authorities revealed a cyberattack that specifically targeted a dozen government ministries, exploiting a previously unknown zero-day vulnerability in Ivanti’s Endpoint Manager Mobile (EPMM) software.
EPMM, formerly known as MobileIron Core, is a widely used mobile management software engine empowering IT teams to set policies for mobile devices, applications, and content.
Exploitation of CVE-2023-35078: A Critical Unauthenticated API Access Flaw
The attack’s specifics emerged when the country’s National Security Authority disclosed that the cybercriminals leveraged CVE-2023-35078, a critical unauthenticated API access vulnerability affecting Ivanti’s EPMM.
The flaw enabled remote threat actors to potentially gain access to users’ personally identifiable information and execute limited modifications on the server.
Rapid Response from Ivanti: A Patch for All Supported Versions
Ivanti swiftly responded to the situation, releasing a patch to address the critical authentication bypass vulnerability in all supported versions, including 11.10, 11.9, 11.8, and older releases.
The company recommends immediate installation of the patch, emphasizing how easily the flaw can be exploited by threat actors.
Security Researcher Observes Exploitation Attempts
Security researcher Kevin Beaumont established a honeypot to monitor CVE-2023-35078 and reported witnessing exploitation attempts.
The vulnerability has caught the attention of cybercriminals, particularly in the United States and Europe, where numerous internet-exposed systems may be at risk.
Concerns Surrounding Initial Advisory by Ivanti
Ivanti faced criticism for limiting the public availability of its advisory, which was initially behind a paywall and kept the exploitation information hidden.
However, the company has been working closely with its customers and partners to investigate and mitigate the impact.
US Cybersecurity Agency’s Alert
The US Cybersecurity and Infrastructure Security Agency (CISA) also issued an alert, clarifying that the zero-day vulnerability could be exploited by attackers with access to specific API paths.
The attacker could obtain sensitive information, such as names, phone numbers, and other mobile device details. Moreover, an attacker could potentially create an admin account to make unauthorized system modifications.
Past Ivanti Product Flaws
CISA’s Known Exploited Vulnerabilities Catalog lists nine previously known Ivanti product flaws, impacting Pulse Connect Secure and MobileIron products, which Ivanti acquired in 2020.
Conclusion
The zero-day vulnerability affecting Ivanti EPMM has significantly impacted the Norwegian government, raising concerns over cybersecurity in organizations using the software.
Immediate action, such as installing the released patch, is crucial for mitigating potential threats and safeguarding sensitive information from exploitation.
As cybercriminals continue to target software vulnerabilities, proactive measures and vigilant monitoring remain imperative for organizations to protect their systems and data.