Attackers exploited a zero-day vulnerability in Ivanti's Endpoint Manager Mobile (EPMM) solution to compromise a dozen Norwegian government agencies.
Attackers exploited a zero-day vulnerability in Ivanti's Endpoint Manager Mobile (EPMM) solution to compromise a dozen Norwegian government agencies.
On Monday, the Norwegian Security and Service Organization (DSS) said that the cyberattack did not affect Norway's Prime Minister's Office, the Ministry of Defense, the Ministry of Justice, and the Ministry of Foreign Affairs.
This vulnerability was unique and discovered for the very first time in Norway. "If we had released the information about the exposure too early, it could have contributed to it being misused elsewhere in Norway and the rest of the world," the NSM said.
The zero-day vulnerability, CVE-2023-35078, is an authentication bypass flaw affecting all supported versions of Ivanti's EPMM, formerly MobileIron Core. The flaw has a maximum CVSS severity rating of 10.0. EPMM is a widely used mobile management software engine that enables IT teams to set policies for mobile devices, applications, and content.
Successful exploitation allows remote threat actors to access specific API paths without requiring authentication. The unauthorised, remote actors can potentially access users' personally identifiable information (PII), such as names, phone numbers, and other mobile device details, for users on a vulnerable system and make limited changes to the affected server.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers could make other configuration changes, including creating an EPMM administrative account that can further change a vulnerable system.
The company says that all supported versions of EPMM, as well as older versions, are affected. The company has confirmed that the zero-day is being exploited in attacks and warned customers to take action immediately to ensure they are fully protected.
According to Shodan, a search engine for publicly exposed devices, more than 2,900 MobileIron portals are exposed to the internet, most of which are located in the United States, with other notable locations including Germany, the United Kingdom, and Hong Kong.
In light of this, it is crucial for all network administrators to promptly install the latest Ivanti Endpoint Manager Mobile (MobileIron) patches to protect their systems from attacks.
Want your digital assets to be protected?
CyberShelter provides innovative and modern cybersecurity products and niche services to individuals and organization against all kinds of cyber threats.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?