News > Cyber-Security > CS-General
by Kevin Wood

Critical Vulnerability in Ivanti Endpoint Manager Mobile (EPMM) Exploited in the Wild, Prompting Urgent Patching

 

customers rushing to patch

A critical vulnerability in Ivanti Endpoint Manager Mobile (EPMM), a widely used mobile device management (MDM) software, has been exploited in the wild, posing a significant risk to organizations that rely on the platform to manage and secure their mobile devices. Ivanti has released patches and urged customers to apply them immediately to protect against potential attacks.

The vulnerability, tracked as CVE-2023-35078, is a critical authentication bypass flaw that allows unauthenticated attackers to gain access to sensitive information and potentially take control of affected systems. Successful exploitation of this vulnerability could enable attackers to:

• Access and exfiltrate sensitive data, including personally identifiable information (PII), login credentials, and corporate data stored on managed devices.
• Modify device configurations, potentially disrupting or disabling security controls.
• Install malicious software, such as ransomware or spyware, on mobile devices.
• Gain access to corporate networks through compromised mobile devices, leading to further attacks.

The vulnerability affects all supported versions of Ivanti EPMM, as well as unsupported and end-of-life releases. This widespread impact underscores the urgency of applying the available patches as quickly as possible.

Exploitation in the Wild

While Ivanti has not disclosed specific details about the attacks exploiting the vulnerability, reports indicate that it has been used in targeted attacks against government entities and critical infrastructure. One notable incident involved the compromise of the ICT platform used by 12 Norwegian ministries, exposing sensitive government information and raising concerns about potential espionage activities.

The exploitation of this vulnerability in the wild is a significant escalation of the threat. It indicates that attackers are actively targeting organizations using Ivanti EPMM, and the potential consequences could be severe.

Ivanti’s Response and Recommendations

Ivanti has responded to the vulnerability by releasing patches for supported versions of EPMM and providing mitigation guidance for unsupported versions. The company strongly recommends that all customers immediately apply the available patches and follow their recommended security best practices.

Customers who have already been impacted by the vulnerability should take additional steps to secure their systems, such as:

• Resetting all administrative passwords
• Revoking all API keys
• Rotating SSL certificates
• Implementing additional monitoring and logging
• Conducting a thorough forensic investigation to determine the extent of the compromise

The Ivanti EPMM vulnerability highlights the growing risks associated with mobile device management (MDM) solutions. These tools are essential for businesses to manage and secure the ever-growing number of mobile devices used by employees. However, they also represent a potential attack vector for cybercriminals, as a compromised MDM system can provide access to a vast array of devices and sensitive data.

The Ivanti EPMM vulnerability adds to a growing list of cybersecurity incidents highlighting the challenges faced by organizations in securing their systems and data. The increasing sophistication and frequency of cyberattacks, coupled with the expanding attack surface due to remote work and reliance on mobile devices, demand a proactive and comprehensive approach to cybersecurity.

The rise of vulnerabilities like the one found in Ivanti EPMM emphasizes the importance of robust vulnerability management practices. Organizations must prioritize regular patching, security updates, and thorough testing to identify and address weaknesses before attackers can exploit them.

The Ivanti EPMM incident also underscores the critical role of collaboration between software vendors, security researchers, and end-users in mitigating cyber threats. Responsible disclosure of vulnerabilities, prompt patch releases, and timely implementation of security updates are crucial steps in ensuring the security of digital ecosystems.

The Way Forward: A Call for Vigilance and Preparedness

As the threat landscape continues to evolve, organizations must remain vigilant and adapt their security strategies to address emerging risks. This includes:

• Prioritizing Mobile Device Security: As mobile devices become increasingly integrated into business operations, it’s essential to implement robust security measures, such as strong authentication, encryption, and regular security updates.
• Adopting Zero Trust Security: This model assumes that no user or device should be trusted by default, even those within the network perimeter. It requires continuous verification of identity and access, reducing the risk of unauthorized access.
• Investing in Threat Intelligence: Stay informed about the latest cyber threats and vulnerabilities, and proactively implement measures to protect against them.
• Building a Culture of Security Awareness: Educate employees about cybersecurity risks and best practices to reduce the likelihood of human error leading to successful attacks.
• Partnering with Cybersecurity Experts: Seek guidance and support from experienced professionals who can help you develop and implement a comprehensive cybersecurity strategy.

The Ivanti EPMM vulnerability serves as a stark reminder that no software is immune to flaws, and even widely used enterprise solutions can be compromised by determined attackers. By taking proactive steps to strengthen their defenses and collaborating with cybersecurity experts, organizations can better protect themselves and their customers from the growing threat of cyberattacks.