Ivanti has released a patch for the CVE-2023-35078 vulnerability in its Endpoint Manager Mobile (EPMM) software.
Labeled as highly critical, the vulnerability in Ivanti’s EPMM solution, also known by its former name MobileIron Core, allows hackers to access personal information on affected devices remotely. It also allows them to make limited (configuration) changes on connected servers.
All versions of the Ivanti EPMM solution are affected by the vulnerability.
After the discovery of the vulnerability, Ivanti shared its existence only through a website shielded for subscribers. Since then, under pressure from security experts, the data about the vulnerability has been made public anyway.
Meanwhile, a patch has also been released, the company announced.
The CVE-2023-35078 vulnerability in question has been actively abused by hackers, however. Recently, the Norwegian government announced that, via the vulnerability, twelve ministries had been hacked. Data would have been captured.