A zero-day authentication bypass vulnerability in Ivanti software was exploited to carry out an attack against a Norwegian government security and services organization.
According to reports, the attack affected the communication networks of 12 Norwegian government ministries. According to the original statement, it prevented employees in these departments from accessing mobile services or email.
The government said the Prime Minister's Office, Ministry of Defence, Ministry of Justice and Emergency Preparedness and Ministry of Foreign Affairs were not affected.
What are the Ivanti security vulnerabilities?
According to a statement posted by the Norwegian Security Authority, this flaw is a remote unauthenticated API access vulnerability (CVE-2023-35078) in Ivanti Endpoint Manager.
This bug allows remote attackers to obtain information, add administrator accounts, and change device configurations via authentication bypass. This vulnerability affects several software versions, including versions 11.4 and earlier. Versions and releases after 11.10 are also at risk.
According to a statement from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the vulnerability allows unauthenticated access to certain API paths, which cyber attackers may use to access personally identifiable information (PII) such as names, phone numbers, and other mobile device details of users on vulnerable systems.
Tenable Senior Staff Research Engineer Satnam Narang noted in a blog post that an attacker could leverage an unrestricted API path to modify the server's configuration files, resulting in the creation of a management account for the Endpoint Manager management interface, known as EPMM (for Endpoint Manager Mobile), and may then be able to use that account to make further changes to vulnerable systems.
According to a post by Ivanti, the company had received information from a reliable source indicating that exploitation had occurred. A follow-up Ivanti blog post said, “When we learned of the vulnerability, we immediately mobilized resources to fix the issue and were able to provide patches to supported versions of the product. For customers using previous versions, we have provided RPM scripts to assist with remediation.”
The company also said it is aware that only a limited number of customers have been affected and is actively working with customers and partners to investigate the situation.
What is the government's response?
The Norwegian National Cyber Security Authority said it is in ongoing dialogue with Ivanti and other partners to limit the impact of this vulnerability and is working to reduce and minimize the risk this vulnerability may pose in Norway and globally. It said a number of measures have been taken to limit the number of cases.
All known MobileIron Core users in Norway are aware of the available security update and the government recommends that they install it immediately.
“This vulnerability is unique and was first discovered here in Norway,” said Sophie Nyström, director of the Norwegian National Security Agency. “That may have been a contributing factor.” “This update is now being rolled out not only in Norway but around the world, and it would be wise to make public what kind of vulnerability it is.”

