Important Security Alert: Patch Released for Ivanti Endpoint Manager Mobile (EPMM) CVE-2023-35078

27.07.23

Threat Intelligence Alerts

Ivanti released a patch for a critical vulnerability in Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core. The vulnerability, CVE-2023-35078, allows unauthorised access to potentially personal information and the ability to make changes to records.

The vulnerability affects all supported versions of EPMM, including 11.4 releases 11.10, 11.9, and 11.8. Older versions and releases are also vulnerable. Patches have been released for versions 11.8.1.1, 11.9.1.1, and 11.10.0.2. Organisations are urged to upgrade to a patched version as soon as possible.

The vulnerability was exploited in a zero-day attack against Norwegian government officials. It is suspected that some Scottish companies have not yet patched their systems.

If you use Ivanti Endpoint Manager Mobile, please immediately check your version and apply the patch. You can find more information about the vulnerability and the patch in the Ivanti Security Advisory.

Critical Zero-Day in Ivanti EPMM (Formerly MobileIron Core) Is Actively Exploited (CVE-2023-35078) (socradar.io)

Ivanti zero-day exploited to target Norwegian government (CVE-2023-35078) – Help Net Security

https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078