Security News > 2023 > July > CISA warns govt agencies to patch Ivanti bug exploited in attacks
Ivanti has also confirmed that the bug is actively exploited in attacks and warned customers that it's critical to "Immediately take action" to ensure their systems are fully protected.
U.S. Federal Civilian Executive Branch Agencies have a three-week deadline, until August 15th, to secure their devices against attacks targeting the CVE-2023-35078 flaw, which was added to CISA's list of Known Exploited Vulnerabilities on Tuesday.
The U.S. cybersecurity agency also gave federal agencies three weeks to patch their Adobe ColdFusion servers against two critical security flaws exploited in attacks, one of them as a zero-day.
Ivanti patches MobileIron zero-day bug exploited in attacks.
CISA warns govt agencies to patch Adobe ColdFusion servers.
CISA orders agencies to patch iPhone bugs abused in spyware attacks.
News URL
Related news
- Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Ivanti warns of three more CSA zero-days exploited in attacks (source)
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame (source)
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)
- Emergency patch: Cisco fixes bug under exploit in brute-force attacks (source)
- CISA warns of critical Palo Alto Networks bug exploited in attacks (source)
- CISA warns of more Palo Alto Networks bugs exploited in attacks (source)
- CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-25 | CVE-2023-35078 | Improper Authentication vulnerability in Ivanti Endpoint Manager Mobile An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication. | 9.8 |