Ivanti has once again patched a zero-day vulnerability in its Endpoint Manager Mobile (EPMM) software. At issue is CVE-2023-35078, which allows malicious actors to place, modify or delete files on an Ivanti EPMM server.
Security party Mnemonic contributed to the discovery of the vulnerability. “This vulnerability can be used in conjunction with CVE-2023-35078, bypassing administrator authentication and ACLs restrictions (if applicable).” Ivanti stated.
Users are advised to look in their logs for any exploits. Indeed, the vulnerability combination exploit has been spotted in the wild at Mnemonic.
Patch after patch
Less than a week ago, Ivanti also released a patch for this earlier vulnerability (CVE-2023-35078). It had previously led to a hack spread across 12 Norwegian ministries. This potentially allowed access to sensitive data that may also have been stolen.
Tip: Norwegian ministries hacked through vulnerability in Ivanti software
Before Ivanti had disclosed that the initial vulnerability existed, it faced strong criticism from security experts because it seemed to want to “cover up the danger. It soon reversed this policy.
2 days ago
