CISA Warns About New Ivanti EPMM Vulnerabilities


The Cybersecurity and Infrastructure Security Agency (CISA) has warned about two vulnerabilities in Ivanti’s Endpoint Manager Mobile (EPMM). The security flaws allowed threat actors to compromise 12 Norwegian government agencies.

Ivanti’s Endpoint Manager Mobile is a solution that lets IT admins secure and manage mobile devices in enterprise environments. They can enforce policies, deploy applications, and manage corporate data on various mobile platforms. It provides access to various tools such as Mobile Application Management (MAM), Mobile Content Management (MCM), and Mobile Device Management (MDM).

The security vulnerability (tracked as CVE-2023-35078) allows hackers to gain access to specific API paths without authorization and collect personal information. The flaw could also let malicious actors make configuration changes on compromised systems.

“Threat actors with access to these API paths can access PII such as names, phone numbers, and other mobile device details of users on the vulnerable system; make configuration changes to vulnerable systems; push new packages to mobile endpoints; and access Global Positioning System (GPS) data if enabled,” CISA explained in its security advisory.

Last month, Ivanti disclosed another vulnerability (CVE-2023-35081) in Endpoint Manager Mobile (EPMM). The flaw could enable malicious actors to upload arbitrary files to an EPMM web app server. Ivanti released security updates to address the vulnerability on July 28.

CISA advises organizations to upgrade Ivanti EPMM versions

According to CISA, hackers can chain both security vulnerabilities to gain administrative privileges, deploy web shells, and execute commands on compromised systems. They can bypass authentication, upload malicious files, and take over the management system as well as mobile devices.

CISA has directed federal agencies to patch the security vulnerabilities by August 21. It’s highly recommended that IT admins should upgrade to the latest version of Ivanti EPMM as soon as possible. They also need to enforce phishing-resistant multifactor authentication (MFA) for all employees in enterprise environments.