Security News
A previously patched critical vulnerability affecting Ivanti Endpoint Manager Mobile and MobileIron Core is being actively exploited, the Cybersecurity and Infrastructure Security Agency has confirmed by adding the vulnerability to its Known Exploited Vulnerabilities Catalog. It is not known whether the vulnerability is being exploited by ransomware groups, and CISA does not publish specific information about attacks in which the vulnerabilities in the KEV catalog are exploited.
"As of now, we are only aware of a limited number of customers impacted by CVE-2023-38035. This vulnerability does not affect other Ivanti products or solutions, such as Ivanti EPMM, MobileIron Cloud or Ivanti Neurons for MDM," Ivanti said. Since April, state-sponsored hackers have exploited two additional security vulnerabilities within Ivanti's Endpoint Manager Mobile, previously known as MobileIron Core.
Ivanti has disclosed a critical vulnerability affecting old, out-of-support versions of MobileIron Core, an enterprise device solution that has since been rebranded to Ivanti Endpoint Manager Mobile. "The vulnerability was incidentally resolved in MobileIron Core 11.3 as part of work on a product bug. It had not previously been identified as a vulnerability," noted Ivanti.
IT software company Ivanti disclosed today a new critical security vulnerability in its MobileIron Core mobile device management software. "MobileIron Core 11.2 has been out of support since March 15, 2022. Therefore, Ivanti will not be issuing a patch or any other remediations to address this vulnerability in 11.2 or earlier versions. Upgrading to the latest version of Ivanti Endpoint Manager Mobile is the best way to protect your environment from threats," the company said.
The U.S. Cybersecurity and Infrastructure Security Agency warned today of state hackers exploiting two flaws in Ivanti's Endpoint Manager Mobile, formerly MobileIron Core. "Mobile device management systems are attractive targets for threat actors because they provide elevated access to thousands of mobile devices, and APT actors have exploited a previous MobileIron vulnerability," CISA said on Tuesday.
Ivanti released security patches for the remote unauthenticated API access vulnerability tracked as CVE-2023-35078 on Sunday. While Ivanti has published a security advisory to provide details on the security vulnerability, the information is being blocked by a login, given that the article can only be accessed with an account linked to Ivanti customer information.
By bringing MobileIron and Pulse Secure into the Ivanti portfolio, it will expand its capabilities to include even more devices, embed greater security protocols across infrastructures, and allow organizations to proactively and autonomously self-heal, self-secure, and self-service devices. This business combination further solidifies Ivanti as a global market leader in UEM, Zero Trust Security, and IT Service Management, and positions it to deliver intelligent and secure experiences across remote infrastructure, devices, and people in what is called the "Everywhere enterprise."
Separately, the Cybersecurity and Infrastructure Security Agency in October warned that APT groups are exploiting the MobileIron flaw in combination with the severe Microsoft Windows Netlogon/Zerologon vulnerability. The flaw, first reported to MobileIron by Orange Tsai from DEVCORE, could allow an attacker to execute remote exploits without authentication.
The UK National Cyber Security Centre issued an alert yesterday, prompting all organizations to patch the critical CVE-2020-15505 remote code execution vulnerability in MobileIron mobile device management systems. NCSC is warning that they are aware of hacking groups actively using the MobileIron CVE-2020-1550 vulnerability to compromise the networks in the healthcare, local government, logistics, and legal sectors.
The U.S. Cybersecurity and Infrastructure Security Agency has warned that government networks have been targeted in attacks exploiting the Zerologon vulnerability in combination with flaws affecting Fortinet and MobileIron products. "This recent malicious activity has often, but not exclusively, been directed at federal and state, local, tribal, and territorial government networks. Although it does not appear these targets are being selected because of their proximity to elections information, there may be some risk to elections information housed on government networks," CISA said in an advisory written with contributions from the FBI. It added, "CISA is aware of some instances where this activity resulted in unauthorized access to elections support systems; however, CISA has no evidence to date that integrity of elections data has been compromised."