January 19, 2024 at 03:00PM
A critical vulnerability, CVE-2023-35082, in Ivanti Endpoint Manager Mobile (EPMM) with a CVSS score of 9.8 has been added to CISA’s Known Exploited Vulnerabilities Catalog. It allows an authentication bypass and patch bypass for another high-risk vulnerability, CVE-2023-35078. Rapid7 reports a potential threat actor exploitation, with all versions of Invanti Endpoint Manager at risk. Patches should be applied by early February.
Key takeaways from the meeting notes on the critical vulnerability affecting Ivanti Endpoint Manager Mobile (EPMM) are as follows:
1. The vulnerability, tracked as CVE-2023-35082, has been added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog.
2. It has a CVSS score of 9.8 and is an authentication bypass that functions as a patch bypass for another vulnerability, CVE-2023-35078, which was exploited in cyberattacks against the Norwegian government in April 2023.
3. Rapid7, the cybersecurity firm that discovered and reported the vulnerability, stated that it can be chained together with CVE-2023-35081 to allow a threat actor to write malicious Web shell files, and it is unknown how these vulnerabilities are being exploited in the wild.
4. All versions of Ivanti Endpoint Manager, including 11.10, 11.9, 11.8, and MobileIron Core 11.7, are at risk of being compromised.
5. It is recommended that federal agencies apply patches by the first week of February.
6. Ivanti researchers have reported two other zero-day vulnerabilities, CVE-2023-46805 and CVE-2024-21887, that are actively being exploited. Mitigation resources are being provided for these flaws, and patches will be released in a staggered approach on Jan. 22 and Feb. 19.
Please let me know if there are further details needed or any additional information required.