Security News > 2023 > July > Ivanti fixes second zero-day exploited by attackers (CVE-2023-35081)

Ivanti fixes second zero-day exploited by attackers (CVE-2023-35081)
2023-07-31 13:21

Another actively exploited zero-day vulnerability affecting Ivanti Endpoint Manager Mobile has been identified and fixed.

Last week, we reported on a remote unauthenticated API access vulnerability affecting Ivanti EPMM having been exploited to target Norwegian ministries.

The company stated that the vulnerability has impacted a limited number of customers and has released a patch, but did not share any other details or indicators of compromise with the public.

The infosec community quickly ferreted out the vulnerable API endpoint, the nature of the vulnerability, how it can be exploited, and how organizations can check whether the vulnerability has been exploited in their systems.

CVE-2023-35081, discovered with the help of Mnemonic researchers, is a remote arbitrary file write vulnerability that could allow a threat actor to remotely create, modify, or delete files in the Ivanti EPMM server.

Ivanti has also stressed that, as far as they can currently tell, this vulnerability was not introduced into their code development process maliciously.


News URL

https://www.helpnetsecurity.com/2023/07/31/cve-2023-35081/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-08-03 CVE-2023-35081 Path Traversal vulnerability in Ivanti Endpoint Manager Mobile
A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.
network
low complexity
ivanti CWE-22
7.2

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Ivanti 26 0 51 152 75 278