Security News > 2023 > July > Ivanti plugs critical bug – but not before it was used against Norwegian government
A critical security flaw in Ivanti's mobile endpoint management code was exploited and used to compromise 12 Norwegian government agencies before the vendor plugged the hole.
On Monday, the US government's Cybersecurity and Infrastructure Security Agency added CVE-2023-35078 to its Known Exploited Vulnerabilities Catalog that should be urgently patched.
After initially taking down an advisory with details about the bug, and then hiding the advisory behind a paywall, on Tuesday Ivanti finally posted a public-facing security alert about CVE-2023-35078 - a remote authentication bypass vulnerability, which received a nastily perfect 10 out of 10 CVSS severity rating.
A spokesperson for the software maker told The Register it was informed of the security flaw late last week by said "Credible source," and made the patch available to customers on Sunday.
The spinner denied reports that Ivanti forced customers to sign a non-disclosure agreement specifically about this vulnerability, though said its security updates are typically shared confidentially.
Later in the day, Norway disclosed the software that had been exploited was Ivanti's EPMM. The country's National Security Authority said it waited until Ivanti's patch was generally available before naming the software.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/07/26/ivanti_patch_norway_ciso/
Related news
- Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847) (source)
- Exploit code released for critical Ivanti RCE flaw, patch now (source)
- Ivanti warns of another critical CSA flaw exploited in attacks (source)
- Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks (source)
- Critical Ivanti vTM auth bypass bug now exploited in attacks (source)
- CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824) (source)
- Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited (source)
- CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-25 | CVE-2023-35078 | Improper Authentication vulnerability in Ivanti Endpoint Manager Mobile An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication. | 9.8 |