CVE-2023-35078 is a zero-day vulnerability affecting Ivanti’s Endpoint Manager Mobile (EPMM). Norweigan authorities announced this week that cyber threat actors exploiting this vulnerability attacked twelve government ministries.
Ivanti publicly stated on Monday that CVE-2023-35078 is an unauthenticated API access issue that can allow threat actors access to users’ personal information. The bug can also be exploited to make limited server changes, including creating an admin account to modify systems. Ivanti was criticized for initially placing its security announcement regarding the vulnerability behind a paywall. The vendor released a patch and advised customers to update their systems as soon as possible. Cybersecurity researcher Kevin Beaumont created a honeypot to monitor the vulnerability and already noted several exploitation attempts in the wild. CISA’s Known Exploited Vulnerabilities Catalog does not include this vulnerability but features nine other Ivanti flaws that also impact Pulse Connect Secure and MobileIron products.
Read More: