Norwegian Entities Targeted in Ongoing Attacks Exploiting Ivanti EPMM Vulnerability
Advanced persistent threat actors exploited a recently disclosed critical flaw impacting Ivanti Endpoint Manager Mobile as a zero-day since at least April 2023 in attacks directed against Norwegian entities, including a government network.
The exact identity or origin of the threat actor remains unclear.
CVE-2023-35078 refers to a severe flaw that allows threat actors to access personally identifiable information and gain the ability to make configuration changes on compromised systems.
Successful exploitation of the twin vulnerabilities makes it possible for adversaries with EPMM administrator privileges to write arbitrary files, such as web shells, with operating system privileges of the EPMM web application server.
"The APT actors used Linux and Windows user agents with Firefox/107.0 to communicate with EPMM," the agencies said.
"Mobile device management systems are attractive targets for threat actors because they provide elevated access to thousands of mobile devices."
News URL
https://thehackernews.com/2023/08/norwegian-entities-targeted-in-ongoing.html
Related news
- Critical Ivanti RCE flaw with public exploit now used in attacks
- Ivanti warns of three more CSA zero-days exploited in attacks
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack
- FortiManager critical vulnerability under active attack
- Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-25 | CVE-2023-35078 | Improper Authentication vulnerability in Ivanti Endpoint Manager Mobile. An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication. | 9.8 |