Ivanti fixes 10.0 vulnerability in Endpoint Manager Mobile

B2B Cyber ​​Security ShortNews

Share post

The CISA - Cybersecurity and Infrastructure Security Agency - warns of the critical 10.0 vulnerability in Ivantis Endpoint Manager Mobile (EPMM) and recommends the immediate update. Otherwise unauthenticated access to API paths is possible. The update is ready.

The American CISA reports that the critical vulnerability with a maximum CVSS value of 10.0 in Ivantis for Endpoint Manager Mobile (EPMM) with CVE-2023-35078 should be closed immediately. Ivanti provides a corresponding update. The discovered vulnerability allows unauthenticated access to certain API paths. An attacker with access to these API paths could access personally identifiable information (PII) such as names, phone numbers, and other mobile device details of users of a vulnerable system. An attacker could also make other configuration changes, including creating an EPMM administrator account that could make further changes to a vulnerable system.

Vulnerability in EPMM already actively attacked

Ivanti reports that they have received information from a credible source that indicates this vulnerability is already being actively exploited. This vulnerability (CVE-2023-35078) affects the supported EPMM versions 11.10, 11.9 and 11.8. Older, unsupported versions are also affected.

Ivanti has released patches and provided support resources to customers. CISA urges users and organizations to comply with the safety notices and the Read Ivanti Knowledge Base articles (customer login only) and apply the required patches as soon as possible.

More at CISA.com

 

Matching articles on the topic

Report: 40 percent more phishing worldwide

The current spam and phishing report from Kaspersky for 2023 speaks for itself: users in Germany are after ➡ Read more

BSI sets minimum standards for web browsers

The BSI has revised the minimum standard for web browsers for administration and published version 3.0. You can remember that ➡ Read more

Stealth malware targets European companies

Hackers are attacking many companies across Europe with stealth malware. ESET researchers have reported a dramatic increase in so-called AceCryptor attacks via ➡ Read more

IT security: Basis for LockBit 4.0 defused

Trend Micro, working with the UK's National Crime Agency (NCA), analyzed the unpublished version that was in development ➡ Read more

MDR and XDR via Google Workspace

Whether in a cafe, airport terminal or home office – employees work in many places. However, this development also brings challenges ➡ Read more

Test: Security software for endpoints and individual PCs

The latest test results from the AV-TEST laboratory show very good performance of 16 established protection solutions for Windows ➡ Read more

FBI: Internet Crime Report counts $12,5 billion in damage 

The FBI's Internet Crime Complaint Center (IC3) has released its 2023 Internet Crime Report, which includes information from over 880.000 ➡ Read more

HeadCrab 2.0 discovered

The HeadCrab campaign against Redis servers, which has been active since 2021, continues to successfully infect targets with the new version. The criminals' mini-blog ➡ Read more