A few days ago, several of the websites operated by the Norwegian government were disrupted because of a possible cyber-attack. US-CISA has issued a statement that hackers exploited a flaw in the API flow of Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core.
Tracked as CVE-2023-35078, with a severity score of 9 out of 10, the flaw allows a hacker to bypass the user authentication function and gain access to some of the EPMM functions and resources.
Ivanti stated that the exploited versions are EPMM versions 11.4, 11.10,22.214.171.124 and added that older versions are also at risk.
Remediation is under way, with an RPM script and the fix now available.
The IT software services provider stated that the zero-day vulnerability has hit only a small cluster of its customers and that all those affected were informed through proper channels.
Most impacted was Norway’s Department Security and Service Organization (DSS) along with the National Security Authority.
The investigation is still in progress, so Ivanti has not named any actors or groups suspected of being behind the incident.
NOTE 1- In January 2017, Clearlake Capital, the parent company of Heat Software, acquired LANDESK from Thoma Bravo, and in the same month it merged Heat and LANDESK to form Ivanti.
NOTE 2- In September 2020, Ivanti acquired unified endpoint management company MobileIron for $870M and merged the tech to form its Ivanti Endpoint Manager Mobile (EPMM).