Zero-day Flaw in Ivanti Mobile Endpoint Manager Software


Ivanti ‘s mobile device management software EPMM(Endpoint manager mobile), aka Mobile iron core version lower than 11.8.1.0, was impacted by the actively exploited zero-day vulnerability. 

On Sunday, the company released the security patches for the remote unauthenticated API access vulnerability tracked as CVE-2023-35078.

Ivanti is an asset management software system used to remotely inventory and manage desktop computers. 

It has the ability to report on installed software and hardware, allow remote assistance, and install security patches.

Therefore it recommends its users upgrade to EPMM 11.8.1.1, 11.9.1.1, and 11.10.0.2. 

Vulnerability Details:

If exploited, this vulnerability enables an unauthorized, remote (internet-facing) actor to potentially access users’ personally identifiable information and make limited changes to the server.

Ivanti has published a password-protected security advisory; only customers with login details can access it. Cyber Security News has requested a public advisory from Ivanti and is currently waiting for their comments.

Ivanti further clarified that the vulnerability is not being exploited in a supply chain attack, stating that it did not uncover “any indication that this vulnerability was introduced into our code development process maliciously.

And they confirmed that they responded swiftly by creating and releasing a patch and interacting with consumers to assist them in installing it.

Over 2,900 MobileIron user portals are publicly accessible online, and PwnDefend Cyber Security Consultant Daniel Card stated that he discovered this using a Shodan search.

 About 30 are associated with local and state government entities in the United States.

Most exposed servers are in the United States,  Germany, the United Kingdom, and Hong Kong.

Ivanti recommends all of its customers patch Endpoint Manager Mobile (MobileIron) as quickly as feasible by all network administrators.



Source link