A cyberattack targeting the Norwegian government has revealed zero-day
vulnerabilities in Ivanti software products. In this attack, a dozen government
ministries were targeted by attackers exploiting the CVE-2023-35078 vulnerability, which
impacts Ivanti's Endpoint Manager Mobile (EPMM), formerly known as MobileIron
Core. The vulnerability is an API access issue without authentication, allowing
remote attackers to access users' personal information and make limited changes
to the server. It is estimated that more than 900,000 MobileIron devices are
exposed on the internet, mainly in the United States and Europe.

Ivanti has released a patch to address this flaw, but security researchers have
spotted the exploit after it was logged on Ivanti's customer support forum. The
vendor did not initially publicize the security advisory, prompting criticism
that the exploit information was hidden. Security authorities in Norway have
issued a warning and advised system owners to install the patch immediately to
counter potential attacks.

This vulnerability is highly critical, with a CVSS score of 10, the highest severity
level, and could grant attackers "super-admin" access, resulting in
full access to the device's operating system. In addition, the attackers can
create admin accounts to make modifications to the target system. This attack
has raised concerns regarding the potential theft of sensitive data and data
breaches.

Norway is no stranger to cyberattacks, with a history of attacks from Russian and
Chinese hackers targeting government and parliamentary websites. Previous
attacks have involved data theft and exploiting vulnerabilities in platforms
such as Microsoft Exchange.

This Ivanti zero-day vulnerability highlights the importance of proper patch
deployment and mitigation measures in the face of cyber threats. Cybersecurity
should be a top priority for organizations, especially for governments and
agencies with significant sensitive data. Proactive measures and close
monitoring of potential vulnerabilities are crucial steps in protecting
infrastructure and information from evolving cyberattacks.