A major security breach at the Norwegian government announced yesterday has been traced back to a zero-day vulnerability in an Ivanti security product, for which a patch is now available.
Norway’s National Cyber Security Center (NCSC) revealed the news late yesterday local time.
“NCSC wishes to notify of an actively exploited zero-day vulnerability, CVE-2023-35078, in the product Ivanti Endpoint Manager (EPMM), formerly known as MobileIron Core. The vulnerability affects a number of versions of the software,” it said in a statement.
“NCSC has notified all known system owners in Norway who have MobileIron Core available on the internet about the available security update. NCSC recommends that the security updates be installed immediately.”
Read more on zero-day threats: Barracuda Zero-Day Exploited by Chinese Actor
Ivanti released an advisory about authentication bypass vulnerability CVE-2023-35078 on Monday, claiming it impacts all supported versions of the EPMM product.
“If exploited, this vulnerability enables an unauthorized, remote (internet-facing) actor to potentially access users’ personally identifiable information and make limited changes to the server,” the vendor said.
“We have received information from a credible source indicating exploitation has occurred. We continue to work with our customers and partners to investigate this situation. We are only aware of a very limited number of customers that have been impacted. We are actively working with our customers and partners to investigate this situation.”
Given its severity, the CVSS 10.0-rated zero-day bug should be a priority to patch for any affected customer.
Although the details are still unclear, unnamed attackers exploited the zero-day flaw to compromise 12 government ministries in the Scandinavian country. Norway’s National Security Authority (NSM) said that at the time of the press conference announcing the breach it was decided not to reveal the source of the vulnerability.
“If we had released the information about the vulnerability too early, it could have contributed to it being misused elsewhere in Norway and in the rest of the world,” argued NSM director, Sofie Nystrøm.
“The update is now generally available and it is prudent to announce what kind of vulnerability it is.”