Twelve ministries in Norway have been hacked due to a vulnerability in Ivanti’s Endpoint Manager Mobile (EPMM) solution.
According to Norwegian authorities, CVE-2023-35078 of Ivanti EPMM allowed hackers to penetrate a software platform used by 12 Norwegian ministries.
In its response to the incident, Norway’s data protection authority DPA indicated that the breach may have allowed hackers to access and possibly steal sensitive data.
The office of the Norwegian prime minister, the Ministry of Defense, the Ministry of Justice and that of Foreign Affairs were not affected.
Bypassing authentication
The vulnerability allows hackers to bypass authentication in all versions of the Avanti software. It also applies to unsupported and end-of-life releases of the Avanti EPMM solution.
The vulnerability allows remote hackers to access specific API paths without authentication. They can then access information traceable back to individuals. Examples include names, phone numbers and other data about mobile devices on a vulnerable system.
Configuration changes
Furthermore, hackers can make configuration changes this way, such as creating an EPMM management account. This in turn allows them to change other things within vulnerable systems.
The vulnerability is now being actively exploited. Ivanti therefore urges users to install the latest patches for Ivanti Endpoint Manager Mobile (MobileIron) as soon as possible.