Security News > 2023 > August > Norwegian Entities Targeted in Ongoing Attacks Exploiting Ivanti EPMM Vulnerability
Advanced persistent threat actors exploited a recently disclosed critical flaw impacting Ivanti Endpoint Manager Mobile as a zero-day since at least April 2023 in attacks directed against Norwegian entities, including a government network.
The exact identity or origin of the threat actor remains unclear.
CVE-2023-35078 refers to a severe flaw that allows threat actors to access personally identifiable information and gain the ability to make configuration changes on compromised systems.
Successful exploitation of the twin vulnerabilities makes it possible for adversaries with EPMM administrator privileges to write arbitrary files, such as web shells, with operating system privileges of the EPMM web application server.
"The APT actors used Linux and Windows user agents with Firefox/107.0 to communicate with EPMM," the agencies said.
"Mobile device management systems are attractive targets for threat actors because they provide elevated access to thousands of mobile devices."
News URL
https://thehackernews.com/2023/08/norwegian-entities-targeted-in-ongoing.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-25 | CVE-2023-35078 | Improper Authentication vulnerability in Ivanti Endpoint Manager Mobile An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication. | 9.8 |