CISA warns of active explitation of Ivanti EPMM max severity bug
Take action: If you are using Ivanti EPMM 11.2 or older, and still haven't patched it, it's high time to do the work. Lock Ivanti from the public internet immediately and start upgrading to newer product versions. Because it's being hacked.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about the active exploitation of a critical authentication bypass vulnerability in Ivanti's Endpoint Manager Mobile (EPMM) and MobileIron Core device management software.
Data from Shodan reveals that about 6,300 Ivanti EPMM user portals are currently exposed online, with Shadowserver tracking 3,420 Internet-exposed EPMM appliances. Over 150 instances linked to government agencies globally are directly accessible via the Internet.
CISA has not provided specific details on the CVE-2023-35082's active exploitation, the vulnerability has been added to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation.