Ivanti fixed a 0-day hole in its Endpoint Manager Mobile product, dozens of organizations managed to suffer

Company Ivanti, an IT software developer, has released a security update for its Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core, for mobile device management. Update fixes vulnerability which allowed attackers to bypass authentication and gain access to sensitive user information.

Critical vulnerability that received an ID CVE-2023-35078 (CVSS 10.0) was discovered and actively exploited by hackers against a small number of Ivanti customers. According to the company in its security bulletin , she received information about the violations from a “trustworthy source”. The company also assures that the vulnerability was not introduced into its code maliciously.

“An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted features or application resources without proper authentication,” the company said in a security bulletin.

“This vulnerability affects all supported versions 11.10, 11.9 and 11.8. Old versions/releases are also at risk. An unauthorized, remote attacker could gain access to users’ personally identifiable information and also make changes to the server.”

Ivanti released security patches for CVE-2023-35078 on Sunday. Patches can be installed by updating EPMM to versions 11.8.1.1, 11.9.1.1, or 11.10.0.2. They are also intended for unsupported and deprecated software versions below 11.8.1.0 (for example, 11.7.0.0, 11.5.0.0).

According to search Shodanhosted by Daniel Card, cybersecurity consultant at PwnDefend, there are now more than 2,900 MobileIron user portals available online, of which three dozen are affiliated with US local and state governments. Most open servers are located in the US, Germany, UK and Hong Kong.

Yesterday we told about a large-scale hacking of 12 Norwegian ministries at once, which became possible, according to the head of the government agency, Eric Hope, thanks to “an unknown vulnerability in the software of one of the suppliers.” How turned out later then it was about Endpoint Manager Mobile (MobileIron) from Ivanti, one of whose clients is the government of Norway.

All network administrators and others responsible for configuring software within an organization are encouraged to install the latest security patches for Ivanti Endpoint Manager Mobile as soon as possible to avoid any possible consequences of malicious exploitation of the CVE-2023-35078 vulnerability.