Norwegian Entities Targeted in Ongoing Attacks Exploiting Ivanti EPMM Vulnerability
2023-08-02 03:41

Advanced persistent threat actors exploited a recently disclosed critical flaw impacting Ivanti Endpoint Manager Mobile as a zero-day since at least April 2023 in attacks directed against Norwegian entities, including a government network.

The exact identity or origin of the threat actor remains unclear.

CVE-2023-35078 refers to a severe flaw that allows threat actors to access personally identifiable information and gain the ability to make configuration changes on compromised systems.

Successful exploitation of the twin vulnerabilities makes it possible for adversaries with EPMM administrator privileges to write arbitrary files, such as web shells, with operating system privileges of the EPMM web application server.

"The APT actors used Linux and Windows user agents with Firefox/107.0 to communicate with EPMM," the agencies said.

"Mobile device management systems are attractive targets for threat actors because they provide elevated access to thousands of mobile devices."


News URL

https://thehackernews.com/2023/08/norwegian-entities-targeted-in-ongoing.html

Related Vulnerability

DATE: 2023-07-25
CVE: CVE-2023-35078
VULNERABILITY TITLE: Improper Authentication vulnerability in Ivanti Endpoint Manager Mobile
An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.
RISK: critical, 9.8 (network, low complexity, ivanti, CWE-287)

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Ivanti 27 0 51 157 75 283