Hackers Actively Exploiting Zero-day Flaw in Ivanti Mobile Endpoint Manager Software
Ivanti ‘s mobile device management software EPMM(Endpoint manager mobile), aka Mobile iron core version lower than 11.8.1.0, was impacted by the actively exploited zero-day vulnerability. On Sunday, the company released the security patches for the remote unauthenticated API access vulnerability tracked as CVE-2023-35078. Ivanti is an asset management software system used to remotely inventory and manage desktop computers. It has the ability to report on installed software and hardware, allow remote assistance, and install security patches. If exploited, this vulnerability enables an unauthorized, remote (internet-facing) actor to potentially access users’ personally identifiable information and make limited changes to the server.