Earlier this week, the Norwegian National Security Authority (NSM) disclosed that a series of attacks targeting government agencies exploited a previously unknown Zero-Day vulnerability in Ivanti's Endpoint Manager Mobile (EPMM) software, formerly known as MobileIron Core.
The vulnerability, tracked as CVE-2023-35078, allowed attackers to bypass authentication and gain unauthorized remote access to EPMM servers. The vulnerability also has a maximum CVSS score of 10.0, indicating its high severity.
According to the NSM, this Zero-Day was first discovered due to its use in attacks against Norwegian government ministries and agencies. While the full extent of the breach remains unclear, the NSM confirmed that 12 government bodies were impacted. The agency purposely withheld details about the flaw initially to prevent further exploitation until Ivanti could release patches.
The attackers exploited vulnerabilities in Ivanti's API to enable unauthenticated access to personal user information as well as the ability to make limited changes to the server configuration. Left unpatched, this could have enabled attackers to extract sensitive data from government systems or further their access.
Ted Miracco, CEO of Approov Mobile Security, discussed the Zero-Day with SecureWorld News:
"Another day, another zero-day is becoming the norm when it comes to state sponsored cyber attacks. This MobileIron exploitation demonstrates how governments are struggling to stay ahead of sophisticated hackers. Norway was probably right to withhold details while working to patch vulnerable systems. This attack shows no network is impenetrable, and government and businesses must constantly and diligently hunt for security gaps, as weaknesses inevitably emerge."
Ivanti has faced scrutiny over its lack of transparency and its attempts to hide details of the vulnerability behind non-disclosure agreements and login walls. However, now that patches have been released, the company has published a security advisory urging customers to update EPMM software as soon as possible.
This incident highlights the ongoing threat of Zero-Day vulnerabilities, which can leave organizations open to attack even if they have taken other security precautions. It also underscores the importance of prompt patching and transparency from vendors when flaws are discovered and exploited in the wild.
The Norwegian breach provides a warning to the many other government entities and private organizations globally that use Ivanti's software. Internet scans reveal thousands of potentially vulnerable EPMM servers exposed online across countries such as the U.S. and U.K. Any organization using this software should evaluate its risk exposure and ensure patches are tested and applied without delay.