A critical vulnerability affecting Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2023-35082, has been added to CISA's Known Exploited Vulnerabilities (KEV) Catalog.
The vulnerability has a CVSS rating of 9.8 and is an authentication bypass that functions as a patch bypass for another vulnerability, CVE-2023-35078, which has the maximum CVSS rating of 10. That vulnerability was exploited in the wild in April 2023 in cyberattacks against the Norwegian authorities.
According to Rapid7, the cybersecurity company that discovered and reported the vulnerability, CVE-2023-35082 can be chained with CVE-2023-35081 to allow a threat actor to write malicious web shell files, though it's unknown how these vulnerabilities are being exploited in the wild.
All versions of Ivanti Endpoint Manager are prone to being compromised, including 11.10, 11.9, 11.8, and MobileIron Core 11.7. It's recommended that federal agencies apply patches by the first week of February.
This vulnerability comes just days after Ivanti researchers reported two other zero-day vulnerabilities, CVE-2023-46805 and CVE-2024-21887, that are being actively exploited. Ivanti is offering mitigation resources for these flaws and reported that it will release patches in a staggered manner on Jan. 22 and Feb. 19.
