Customers of Ivanti’s Endpoint Manager Mobile (EPMM) product have been alerted about a second zero-day vulnerability that has been used in targeted attacks.
A dozen government ministries in Norway were the target of a cyberattack on July 24 that used CVE-2023-35078, a zero-day vulnerability in Ivanti EPMM that enables an unauthenticated attacker to access sensitive data and modify impacted servers.
The existence of CVE-2023-3508, a high-severity flaw that permits an authenticated attacker with administrator privileges to remotely write arbitrary files to the server, was discovered after more research by cybersecurity company Mnemonic.
CVE-2023-35081 and CVE-2023-35078 can be used in conjunction to get around access control list (ACL) restrictions and admin authentication, according to vanti.
Read More: Second Ivanti EPMM Zero-Day Vulnerability Exploited in Targeted Attacks
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.