CISA issues new warning on actively exploited Ivanti MobileIron bugs

Teilen:

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today that state hackers have been exploiting two flaws in Ivanti’s Endpoint Manager Mobile (EPMM), formerly MobileIron Core, since April.

“Advanced persistent threat (APT) actors exploited CVE-2023-35078 as a zero day from at least April 2023 through July 2023 to gather information from several Norwegian organizations, as well as to gain access to and compromise a Norwegian government agency’s network,” CISA sagte on Tuesday.

“Mobile device management (MDM) systems are attractive targets for threat actors because they provide elevated access to thousands of mobile devices, and APT actors have exploited a previous MobileIron vulnerability.

“Consequently, CISA and NCSC-NO are concerned about the potential for widespread exploitation in government and private sector networks.”

One of the flaws (CVE-2023-35078), a critical authentication bypass vulnerability exploited as a zero-day in attacks targeting Norwegian government entities, can be chained with a second directory traversal flaw (CVE-2023-35081) that enables threat actors with admin privileges to deploy web shells.

The CVE-2023-35078 flaw enables attackers to create the EPMM administrative accounts required to chain the two security bugs.

Following successful exploitation, the threat actors can access specific API paths, potentially leading to personally identifiable information (PII) theft, with the compromised data containing names, phone numbers, and other mobile device details.

​The Norwegian Data Protection Authority (DPA) was also alerted after the attacks targeting Norwegian agencies’ networks, likely because of concerns that the hackers might have accessed and/or stolen sensitive data from the compromised government systems.

As Shodan reports, there are currently more than 2,300 accessible MobileIron user portals exposed on the internet, including over a dozen linked to U.S. local and state government agencies.

MobileIron user portals exposed on the Internet
MobileIron user portals exposed on the Internet (Shodan)

Today’s warning comes as a joint advisory issued in collaboration with Norway’s National Cyber Security Centre (NCSC-NO), and it follows an order asking U.S. federal agencies to patch one of these two actively exploited flaws by August 15.

CISA also ordered federal agencies on Monday to patch their systems against CVE-2023-35081 exploitation by August 21.

“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” the U.S. cybersecurity agency warned one week ago.

Given this, security teams and administrators are advised to immediately upgrade Ivanti EPMM (MobileIron) to the most recent version to secure their systems from ongoing attacks.

They should also regard MDM systems as high-value assets (HVAs) requiring extra restrictions and monitoring since they can grant elevated access to networks of thousands of managed devices.

 

(c) Lawrence Abrams

Kommentar verfassen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

lade-bild
London, GB
4:26 am, Juli 11, 2025
Wetter-Symbol 17°C
L: 16° | H: 19°
aufgelockerte Bewölkung
Luftfeuchtigkeit: 81 %
Druck: 1021 mb
Wind: 3 mph SSE
Windböe: 6 mph
UV-Index: 0
Niederschlag: 0 mm
Wolken: 45%
Regen Chance: 0%
Sichtbarkeit: 10 km
Sonnenaufgang: 4:56 am
Sonnenuntergang: 9:15 pm
TäglichStündlich
Tägliche VorhersageStündliche Vorhersage
Today 10:00 pm
Wetter-Symbol
16° | 19°°C 0 mm 0% 8 mph 77 % 1021 mb 0 mm/h
Tomorrow 10:00 pm
Wetter-Symbol
19° | 30°°C 0 mm 0% 10 mph 66 % 1019 mb 0 mm/h
So. Juli 13 10:00 pm
Wetter-Symbol
18° | 30°°C 0 mm 0% 7 mph 71 % 1015 mb 0 mm/h
Mo. Juli 14 10:00 pm
Wetter-Symbol
18° | 28°°C 1 mm 100% 15 mph 84 % 1016 mb 0 mm/h
Di. Juli 15 10:00 pm
Wetter-Symbol
14° | 20°°C 1 mm 100% 14 mph 81 % 1017 mb 0 mm/h
Today 7:00 am
Wetter-Symbol
18° | 19°°C 0 mm 0% 2 mph 77 % 1021 mb 0 mm/h
Today 10:00 am
Wetter-Symbol
24° | 27°°C 0 mm 0% 2 mph 57 % 1021 mb 0 mm/h
Today 1:00 pm
Wetter-Symbol
30° | 30°°C 0 mm 0% 3 mph 32 % 1020 mb 0 mm/h
Today 4:00 pm
Wetter-Symbol
32° | 32°°C 0 mm 0% 4 mph 26 % 1018 mb 0 mm/h
Today 7:00 pm
Wetter-Symbol
30° | 30°°C 0 mm 0% 6 mph 29 % 1017 mb 0 mm/h
Today 10:00 pm
Wetter-Symbol
23° | 23°°C 0 mm 0% 8 mph 49 % 1019 mb 0 mm/h
Tomorrow 1:00 am
Wetter-Symbol
21° | 21°°C 0 mm 0% 5 mph 57 % 1019 mb 0 mm/h
Tomorrow 4:00 am
Wetter-Symbol
19° | 19°°C 0 mm 0% 5 mph 66 % 1018 mb 0 mm/h
Name Preis24H (%)
Bitcoin(BTC)
€99,593.14
4.84%
Ethereum(ETH)
€2,537.36
6.75%
Fesseln(USDT)
€0.85
-0.01%
XRP(XRP)
€2.20
6.14%
Solana(SOL)
€140.63
4.16%
USDC(USDC)
€0.85
0.00%
Dogecoin(DOGE)
€0.169678
9.79%
Shiba Inu(SHIB)
€0.000012
8.24%
Pepe(PEPE)
€0.000011
15.23%
Peanut das Eichhörnchen(PNUT)
€0.250498
23.38%
Nach oben scrollen