The vulnerability in Ivanti software has been exploited since at least April, according to cyber security services from Norway and the US.
CISA from the U.S. and the Norwegian National Cyber Security Centre (NCSC-NO) are jointly releasing an advisory report that looks deeper into the zero-day in Ivanti software. Hackers reportedly exploited the zero-day for the first time in April.
Through the vulnerability CVE-2023-35078, hackers found a way into several governments. Norwegian authorities have already discovered that hackers could use the vulnerability to penetrate a software platform used by 12 Norwegian ministries. Ivanti Endpoint Manager Mobile, the product that contains the vulnerability, is also used by government agencies in the U.S. and UK.
“Mobile Device Management (MDM) systems are attractive targets for malicious actors because they provide increased access to thousands of mobile devices, and APT actors have exploited a previous MobileIron vulnerability. Consequently, CISA and NCSC-NO are concerned about the potential for widespread exploitation in government and private sector networks,” the report warns.
Second, powerful vulnerability
Ivanti quickly released a patch for the zero-day. However, that did not shut the hackers out, as they found a second vulnerability they could exploit. CVE-2023-35081 would make it easier for hackers to carry out attacks. According to Ivanti, hackers can create, modify and delete files through the vulnerability. Combined with the first zero-day, it even allows hackers to get into sites requiring administrator authentication. A patch is also available for the second vulnerability.
The report advises governments to examine their systems for possible signs of intrusion. Norway and the U.S. impose a deadline of Aug. 21 to install both patches.