A vital vulnerability affecting Ivanti Endpoint Supervisor Cell (EPMM), tracked as CVE-2023-35082, has been added to CISA’s Identified Exploited Vulnerabilities (KEV) Catalog.
The vulnerability has a CVSS rating of 9.8 and is an authentication bypass that features as a patch bypass for an additional vulnerability, CVE-2023-35078, with the very best CVSS rating of 10. That vulnerability was exploited within the wild in April 2023 in cyberattacks in opposition to the Norwegian authorities.
Based on Rapid7, a cybersecurity agency that found and reported the vulnerability, CVE-2023-35082 may be chained along with CVE-2023-35081 to permit a menace actor to jot down malicious Internet shell recordsdata, although it’s unknown how these vulnerabilities are being exploited within the wild.
All variations of Invanti Endpoint Supervisor are susceptible to being compromised, together with 11.10, 11.9, 11.8, and MobileIron Core 11.7. It is beneficial that federal businesses apply patches by the primary week of February.
This vulnerability comes simply days after Ivanti researchers reported two different zero-day vulnerabilities — CVE-2023-46805 and CVE-2024-21887 — which can be actively being exploited. Ivanti is offering mitigation assets for these flaws and reported that it is going to be launched patches in a staggered method on Jan. 22 and Feb. 19.
