Ivanti Zero-Day Vulnerabilities Exposed in Major Cyberattack


A cyberattack targeting the Norwegian government has revealed zero-day vulnerabilities in Ivanti software products. The attack targeted a dozen government ministries and exploited CVE-2023-35078, a vulnerability in Ivanti's Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core. The vulnerability is an unauthenticated API access issue that allows remote attackers to access users' personal information and make limited changes to the server. It is estimated that more than 900,000 MobileIron devices are exposed on the internet, mainly in the United States and Europe.

Ivanti has released a patch to address this flaw, but security researchers spotted the exploit after it was logged on Ivanti's customer support forum. The vendor did not initially publicize the security advisory, prompting criticism that the exploit information was hidden. Security authorities in Norway have issued a warning and advised system owners to install the patch immediately to counter potential attacks.

This vulnerability is highly critical, with a CVSS score of 10, the highest severity level, and could grant attackers "super-admin" access, resulting in full access to the device's operating system. Attackers can also create admin accounts to make modifications to the target system. The attack has raised concerns about the potential theft of sensitive data and data breaches.

Norway is no stranger to cyberattacks, with a history of attacks from Russian and Chinese hackers targeting government and parliamentary websites. Previous attacks have involved data theft and the exploitation of vulnerabilities in platforms such as Microsoft Exchange.

This Ivanti zero-day vulnerability highlights the importance of proper patch deployment and mitigation measures in the face of cyber threats. Cybersecurity should be a top priority for organizations, especially for governments and agencies with significant sensitive data. Proactive measures and close monitoring of potential vulnerabilities are crucial steps in protecting infrastructure and information from evolving cyberattacks.