Ivanti Releases Urgent Patch for EPMM Zero-Day Vulnerability Under Active Exploitation

by crpt os


Ivanti is warning users to update their Endpoint Manager Mobile (EPMM) mobile device management software (formerly MobileIron Core) to the latest version that fixes an actively exploited zero-day vulnerability.

Tracked as CVE-2023-35078, the issue has been described as a remote unauthenticated API access vulnerability that impacts currently supported version 11.4 releases 11.10, 11.9, and 11.8 as well as older releases. It has the maximum severity rating of 10 on the CVSS scale.

“An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication,” the company said in a terse advisory.

“If exploited, this vulnerability enables an unauthorized, remote (internet-facing) actor to potentially access users’ personally identifiable information and make limited changes to the server.”

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said an adversary with access to the API paths could exploit them to obtain personally identifiable information (PII) such as names, phone numbers, and other mobile device details for users on a vulnerable system.

“An attacker can also make other configuration changes, including creating an EPMM administrative account that can make further changes to a vulnerable system,” CISA added.

The Utah-based IT software firm further said that it’s aware of active exploitation of the bug against a “very limited number of customers” but did not disclose additional specifics about the nature of the attacks or the identity of the threat actor behind them.

Patches for the issue have been made available in versions 11.8.1.1, 11.9.1.1, and 11.10.0.2, according to security researcher Kevin Beaumont.
