Software company Ivanti has patched another Endpoint Manager Mobile (EPMM, formerly MobileIron Core) vulnerability that has been exploited in the wild.
The flaw, tracked as CVE-2023-35081, is a path traversal vulnerability: the appliance does not properly validate directory traversal sequences (such as "../") in a file path supplied over HTTP. A remote attacker who already holds administrator privileges on the appliance can send a specially crafted request that writes to, or overwrites, arbitrary files and so compromises the system.
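The bug class described above, illustrated as an added example that is not part of the original article and is not Ivanti's or EPMM's code: a file-path builder that joins untrusted input onto a base directory with no containment check, beside a hardened version that decodes, normalises and then verifies the result stays inside the allowed root. `BASE_DIR`, `naive_target` and `safe_target` are hypothetical names chosen for the example; no request details of the real vulnerability are shown.

```python
import os
from typing import Optional
from urllib.parse import unquote

# Hypothetical upload root used for illustration only; not a real EPMM path.
BASE_DIR = "/var/lib/appliance/uploads"


def naive_target(filename: str) -> str:
    """Vulnerable pattern: untrusted input is joined onto the base directory
    with no containment check. The kernel resolves ".." at open() time, so
    the returned path can land anywhere on the filesystem."""
    return os.path.normpath(os.path.join(BASE_DIR, filename))


def safe_target(filename: str) -> Optional[str]:
    """Hardened pattern: decode, normalise, then verify containment.

    Returns the absolute path to write to, or None if the request must be
    rejected. Rejecting outright (rather than stripping ".." out) avoids
    bypasses such as "....//" that survive a single strip pass."""
    # Decode twice so that single- and double-encoded traversal sequences
    # ("%2e%2e%2f", "%252e%252e%252f") are examined in decoded form.
    decoded = unquote(unquote(filename))
    # NUL bytes truncate C strings; backslashes are separators on Windows.
    if "\x00" in decoded or "\\" in decoded:
        return None
    base = os.path.normpath(BASE_DIR)
    # os.path.join discards the base when `decoded` is absolute, and normpath
    # collapses "..", so `candidate` is wherever the input points; the
    # commonpath check below is what actually enforces containment.
    # On a live system, resolve symlinks with os.path.realpath on both sides
    # before this comparison as well.
    candidate = os.path.normpath(os.path.join(base, decoded))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample inputs, not captured traffic.
    samples = [
        "report.txt",
        "sub/../report.txt",
        "../../../../etc/cron.d/job",
        "%2e%2e%2f%2e%2e%2fetc/passwd",
        "%252e%252e%252fetc/passwd",
        "/etc/passwd",
        "a\x00.txt",
    ]
    for s in samples:
        print(repr(s), "naive ->", naive_target(s), "| safe ->", safe_target(s))
```

The important design choice is that the decision is made on the canonicalised absolute path, not on the presence of a ".." substring: pattern blocking alone misses encoded and absolute-path variants, while canonicalise-then-compare rejects them all with one rule.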
The vulnerability affects all supported versions (11.10, 11.9 and 11.8); older, unsupported releases are also at risk.
According to Ivanti, the new vulnerability can be chained with CVE-2023-35078, an authentication bypass zero-day used in recent attacks on the Norwegian government; the bypass supplies the privileged access that CVE-2023-35081 requires. Ivanti released security updates for CVE-2023-35078 last week.
“Successful exploitation can be used to write malicious files to the appliance, ultimately allowing a malicious actor to execute OS commands on the appliance as the tomcat user. As of now we are only aware of the same limited number of customers impacted by CVE-2023-35078 as being impacted by CVE-2023-35081,” the company said.
System owners are strongly advised to apply patches as soon as possible to prevent future attacks.