![]() ![]() Our investigations and the police investigations will provide more answers.” It is still too early to say anything about who is behind the attack or the extent of the attack. This vulnerability has been exploited by an unknown third party. In a statement, Erik Hope, Director General of the Norwegian Government Security and Service Organisation (DSS) said: “We have detected a previously unknown vulnerability in one of our suppliers’ software. The Norwegian National Security Authority (NSM) and the Norwegian Government Security and Service Organization (DSS) found the vulnerability but chose not to disclose any details until a patch was available. The vulnerability was discovered in Norway as a result of an investigation into a cyberattack on the ICT platform used by 12 ministries. Customers can find the detailed information and how to access and apply the remediations in Ivanti’s Knowledge Base article (login required). Ivanti has made a patch available for supported version 11.4 releases 11.10, 11.9 and 11.8 and recommends that you immediately take action to ensure you are fully protected. The CVE assigned to this vulnerability is:ĬVE-2023-35078 ( CVSS score 10 out of 10): Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, allows remote attackers to obtain Personally Identifiable Information (PII), add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild. The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The affected Norwegian ministries used it to manage mobile devices used by government employees and grant remote access to government systems and applications. Ivanti EPMM is a mobile management software engine that enables IT to set policies for mobile devices, applications, and content. ![]() The vulnerability exists in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core, and impacts all supported versions as well as unsupported and end-of-life releases. ![]() We urge everyone else to take this vulnerability seriously and to patch as soon as possible since the vulnerability was used in a cyberattack on the ICT platform which is relied upon by 12 Norwegian ministries. All Federal Civilian Executive Branch (FCEB) agencies must remediate this vulnerability by Augto protect their networks against active threats. The Cybersecurity and Infrastructure Security Agency (CISA) added one new vulnerability to its Known Exploited Vulnerabilities Catalog affecting Ivanti Endpoint Manager Mobile, based on evidence of active exploitation. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |