CISA warns of active exploitation of Ivanti EPMM flaws

Organizations have been warned by the Cybersecurity and Infrastructure Security Agency regarding the exploitation of two vulnerabilities in the Ivanti Endpoint Manager Mobile, previously known as MobileIron Core, between April and July, BleepingComputer reports. Numerous Norwegian organizations and a Norwegian government agency's network have been compromised last month using the critical authentication bypass flaw, tracked as CVE-2023-35078, which could be chained with a directory traversal bug, tracked as CVE-2023-35081, to allow web shell deployments for attackers with admin privileges, according to CISA. "Mobile device management (MDM) systems are attractive targets for threat actors because they provide elevated access to thousands of mobile devices, and APT actors have exploited a previous MobileIron vulnerability. Consequently, CISA and [the Norwegian Cyber Security Centre] are concerned about the potential for widespread exploitation in government and private sector networks," said CISA, which has advised federal agencies to remediate CVE-2023-35078 by August 15 and CVE-2023-35081 by Aug. 21.