CISA warns the US federal agencies of a critical zero-day bug in Ivanti’s Endpoint Manager Mobile (EPMM) – that can let hackers access the internal data used by federal employees.
Both CISA and Ivanti noted active exploitations of the bug in wild, so urge the customers to patch it as soon as possible, available in the latest update to EPMM. A scan on Shodan revealed over thousands of Ivanti’s EPMM devices exposed on the internet, putting all of the at risk of not patched immediately.
Patch Your Ivanti EPMM Now
Ivanti’s Endpoint Manager Mobile (EPMM), previously known as MobileIron Core, is an asset management software that lets the admins control and update the connected devices remotely. This is widely used in enterprises, so any vulnerability arising in EPMM is critical to the organisation.
And the latest is one such incident, where a security bug – tracked as CVE-2023-35078 – is found in Ivanti’s EPMM software, that lets unauthenticated attackers access specific API paths to steal sensitive information like names, phone numbers, and other mobile device details – remotely.
This authentication bypass vulnerability is given the maximum severity rating, and is under active exploitation in wild! Norway’s National Security Authority said there are about 12 Norwegian ministries using this software, putting themselves at the risk of data leak and spying.
While there were no publicly known Indicators of Compromise to detect attacks, researchers shared the info [1, 2, 3] they have on the vulnerable endpoint required to exploit the vulnerability, which would allow threat actors to quickly create their own exploits and further escalate attacks.
A simple scan made on Shodan revealed around 2,900 MobileIron user portals exposed on the internet; with over three dozens of them belonging to the U.S. local and state government agencies. This, it’s advised to update the vulnerable Ivanti devices as soon as possible.