Another actively exploited zero-day vulnerability affecting Ivanti Endpoint Manager Mobile has been identified and fixed.
Last week, we reported on a remote unauthenticated API access vulnerability affecting Ivanti EPMM having been exploited to target Norwegian ministries.
The company stated that the vulnerability has impacted a limited number of customers and has released a patch, but did not share any other details or indicators of compromise with the public.
The infosec community quickly ferreted out the vulnerable API endpoint, the nature of the vulnerability, how it can be exploited, and how organizations can check whether the vulnerability has been exploited in their systems.
CVE-2023-35081, discovered with the help of Mnemonic researchers, is a remote arbitrary file write vulnerability that could allow a threat actor to remotely create, modify, or delete files in the Ivanti EPMM server.
Ivanti has also stressed that, as far as they can currently tell, this vulnerability was not introduced into their code development process maliciously.