Ivanti, a software company, has issued a warning to its customers about a second zero-day vulnerability in its Endpoint Manager Mobile (EPMM) product. The first zero-day, CVE-2023-35078, was exploited in a cyberattack targeting Norwegian government ministries. The newly discovered vulnerability, CVE-2023-35081, allows an authenticated attacker with administrator privileges to remotely write arbitrary files to the server, which can potentially lead to execution of OS commands on the appliance. It can be exploited in conjunction with CVE-2023-35078 to bypass admin authentication and access control list (ACL) restrictions. While the attackers behind the exploits are not yet known, they are likely state-sponsored. Organizations are urged to patch their systems to prevent potential attacks.