Ivanti Critical Vulnerability: An Urgent Call to Action

Ivanti Vulnerability Image

Ivanti Critical Vulnerability: An Urgent Call to Action

A critical vulnerability affecting Ivanti Endpoint Manager Mobile (EPMM), (CVE-2023-35082, has been added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog.

root-1200x628-1-1024x536 Ivanti Critical Vulnerability: An Urgent Call to Action

In recent cybersecurity developments, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) raised alarms about a critical vulnerability impacting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core. The flaw, identified as CVE-2023-35082 with a CVSS score of 9.8, allows attackers to bypass authentication actively in the wild. This vulnerability is particularly concerning as it serves as a patch bypass for another flaw, CVE-2023-35078, emphasizing the urgent need for mitigation.

Details of the Vulnerability:

  1. CVE-2023-35082 (CVSS Score: 9.8) – Authentication Bypass:
    • Enables attackers to bypass authentication, providing unauthorized access to sensitive information within Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core.
    • The severity of this flaw, as indicated by the CVSS score, underscores its potential impact on affected systems.
  2. CVE-2023-35078 (CVSS Score: 10.0) – Authentication Bypass Patch Bypass:
    • Similar to CVE-2023-35082, this flaw is an authentication bypass vulnerability but with a higher severity score of 10.0.
    • CVE-2023-35082 serves as a patch bypass for CVE-2023-35078, emphasizing the critical nature of the combined threat.
  3. CVE-2023-35081 – Directory Traversal:
    • Involves a directory traversal issue that enables attackers to write malicious web shell files to the appliance.
    • When combined with CVE-2023-35082, attackers gain the ability to create and execute malicious web shell files, further compromising system integrity.

Detection and Exploitation:

  • Rapid7 discovered and reported the flaw, highlighting its potential for exploitation. The vulnerability can be exploited in the wild and, when combined with CVE-2023-35081, allows attackers to drop web shells on the affected system.

Mitigation and Patching:

  • All versions of Ivanti Endpoint Manager Mobile (EPMM) 11.10, 11.9, and 11.8, as well as MobileIron Core 11.7 and below, are susceptible to these vulnerabilities.
  • Ivanti promptly released patches for the identified vulnerabilities. Users, especially federal agencies, should apply the vendor-provided fixes by February 8, 2024, to prevent potential exploitation.

Additional Zero-Day Flaws:

  • In a concerning trend, Ivanti faces mass exploitation of two zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) devices (CVE-2023-46805 and CVE-2024-21887).
  • These vulnerabilities are exploited to drop web shells and passive backdoors, prompting the company to release updates the following week.

Conclusion:

The disclosure of Ivanti vulnerability CVE-2023-35082, along with related flaws, highlights the evolving landscape of cybersecurity threats. Organizations using Ivanti solutions, especially federal agencies, must take immediate action to apply the provided patches and safeguard their systems from potential exploitation. As cyber threats continue to evolve, staying vigilant and promptly addressing vulnerabilities is crucial for maintaining a robust and secure IT infrastructure.


You think you have a story worth everyone’s time? SUBMIT A STORY and we will publish it.

Share this content:

Post Comment