Security News > 2024 > January > CISA: Critical Ivanti auth bypass bug now actively exploited
CISA warns that a critical authentication bypass vulnerability in Ivanti's Endpoint Manager Mobile and MobileIron Core device management software is now under active exploitation.
While it has yet to provide further details on CVE-2023-35082 active exploitation, CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation and says there's no evidence of abuse in ransomware attacks.
Two other Ivanti Connect Secure zero-days, an auth bypass and a command injection are now also under mass exploitation by multiple threat groups, starting January 11.
Multiple other Ivanti zero-days have been exploited in recent years to breach dozens of government, defense, and financial organizations across the United States and Europe, several Norwegian government organizations, as well as in targeted attacks.
Ivanti Connect Secure zero-days exploited to deploy custom malware.
CISA warns of actively exploited bugs in Chrome and Excel parsing library.
News URL
Related news
- Critical Ivanti vTM auth bypass bug now exploited in attacks (source)
- CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns (source)
- Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593) (source)
- CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame (source)
- Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847) (source)
- Exploit code released for critical Ivanti RCE flaw, patch now (source)
- GitLab releases fix for critical SAML authentication bypass flaw (source)
- GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions (source)
- Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488) (source)
- Ivanti warns of another critical CSA flaw exploited in attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-15 | CVE-2023-35082 | Improper Authentication vulnerability in Ivanti Endpoint Manager Mobile An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. | 9.8 |