Ivanti has once again encountered an error that affects and corrects its Endpoint Manager software. This is despite the fact that Ivanti had eliminated a zero-day vulnerability that targeted the same product a few days before.
Analysts found new vulnerability in Ivanti EPMM
Currently, two vulnerabilities are being actively exploited by malicious cyber actors. It is making them a common attack vector that poses significant risks to the federal enterprise. EPMM users are strongly advised to apply the available patches as soon as possible to protect themselves. Last week, it was disclosed that one of the vulnerabilities, known as CVE-2023-35078 and with a maximum-possible CVSS v3 rating of 10, was used in an attack against twelve ministries in the Norwegian government.
Many IT departments worldwide, including several U.S. government agencies, use Ivanti’s EPMM software to manage mobile devices, apps, and content. However, a newly discovered bug (CVE-2023-35081) has been identified. This vulnerability is a path traversal flaw with a CVSS v3 rating of 7.2. It permits an attacker to write any files onto the appliance.
The company expressed gratitude towards cybersecurity firm Mnemonic for helping them identify a new vulnerability. Mnemonic warned in a blog post that remote file writing vulnerabilities can seriously compromise system security. Also, it is leading to various types of attacks, such as data breaches and system takeovers. Researchers from Mnemonic reported that the new EPMM vulnerability was exploited with CVE-2023-35078 to write Java server pages and Java .class files to disk.
Report from CISA
On Friday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert urging security teams to patch vulnerabilities recently reported by Ivanti. CISA specified that both CVE-2023-35081 and CVE-2023-35078 were being actively exploited. The patches newly released for CVE-2023-35081 also include patches for CVE-2023-35078.
CISA explained that if CVE-2023-35078 remains unpatched, attackers can gain EPMM administrator privileges, enabling them to write arbitrary files with the operating system privileges of the web application server. The agency warned that the attacker could execute the uploaded file, such as a web shell.
Last week, CISA added CVE-2023-35078 to its Known Exploited Vulnerabilities catalog and ordered all Federal Civilian Executive Branch government agencies to fix the issue by August 15. However, the agency has yet to take similar steps in regard to CVE-2023-35081.
How to avoid significant cyberattack?
Organizations that could potentially fall victim to cyberattacks should prioritize their defense. If a significant cyber attack does occur, it is recommended that the organization reset its cyber security approach and posture. After such an incident, every organization should reflect on its actions and decisions. This should serve as a lesson for not only government services but also companies.
- It’s crucial to implement strict access controls like strong passwords, multi-factor authentication (MFA), and role-based access control to prevent unauthorized access to sensitive data and systems.
- Keep your operating systems, software, and applications updated with the most delinquent security patches and updates to fix known vulnerabilities. Make sure to update these systems for optimal security regularly.
- One crucial responsibility for organizations is to adopt the Zero Trust principles, which can significantly enhance security measures by following the ‘trust-none, verify all’. Every user, device, and connection must be authenticated before access to your business network and its essential assets and sensitive data.
- It’s essential to stay up-to-date on the latest vulnerabilities and learn safe online practices to protect yourself and your team. Always be careful when sharing sensitive information online or with people you don’t know.
