September 29, 2023

A second vulnerability affecting cell endpoint administration software program from IT big Ivanti has been found, in line with a brand new advisory from the corporate.

Ivanti launched an advisory on Friday afternoon about CVE-2023-35081 – a zero-day vulnerability that’s completely different from the one hackers used to compromise a dozen Norwegian authorities companies on Monday.

“A vulnerability has been found in Ivanti Endpoint Supervisor Cellular (EPMM), previously often called MobileIron Core. This vulnerability impacts all supported variations – releases 11.10, 11.9 and 11.8. Older variations/releases are additionally in danger. This vulnerability is completely different from CVE-2023-35078, launched on July 23,” the corporate stated.

“As of now we’re solely conscious of the identical restricted variety of prospects impacted by CVE-2023-35078 as being impacted by CVE-2023-35081.”

The advisory says the vulnerability permits a risk actor to take quite a lot of actions on a sufferer gadget and can be utilized along with the primary bug to bypass administrator authentication.

The U.S. Cybersecurity and Infrastructure Safety Company (CISA) revealed its personal warning concerning the advisory, urging prospects of the corporate to instantly patch their gadgets because of the exploitation of each vulnerabilities.

CISA added CVE-2023-35078 to its Recognized Exploited Vulnerabilities catalog on Tuesday following affirmation by Norway’s authorities that it was used within the assaults on a number of companies.

“This vulnerability was distinctive, and was found for the very first time right here in Norway,” stated Sofie Nystrøm, director of Norway’s Nationwide Safety Company. “If we had launched the details about the vulnerability too early, it may have contributed to it being misused elsewhere in Norway and in the remainder of the world.”

EPMM is used extensively throughout a number of governments together with in the usand a search on the safety platform Shodan confirmed dozens of companies within the U.S. and Europe doubtlessly uncovered to the problem amongst 1000’s of different potential victims.

In keeping with CISA, the vulnerability may enable hackers to remotely entry victims’ personally identifiable data, similar to names, telephone numbers, and different cell gadget particulars.

An attacker can even make different configuration adjustments, together with creating an administrative account that may make additional adjustments to a susceptible system, CISA stated Monday in a safety alert.

Get extra insights with the

Recorded Future

Intelligence Cloud.

Study extra.

Jonathan Greig

Jonathan Greig is a Breaking Information Reporter at Recorded Future Information. Jonathan has labored throughout the globe as a journalist since 2014. Earlier than transferring again to New York Metropolis, he labored for information retailers in South Africa, Jordan and Cambodia. He beforehand coated cybersecurity at ZDNet and TechRepublic.