Reblogged by jsonstein@masto.deoan.org ("Jeff Sonstein"):
shadowserver@infosec.exchange ("The Shadowserver Foundation") wrote:
The Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian National Cyber Security Centre (NCSC-NO) released a joint Cybersecurity Advisory (CSA) in response to active exploitation of CVE-2023-35078 (a pre-auth CVSS 10.0 RCE) and CVE-2023-35081 in Ivanti Endpoint Manager Mobile (EPMM) (formerly known as MobileIron Core).
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-213a
Please follow the mitigation advice from the advisory.
You can track the Ivanti EPMM world-wide patching progress here - https://dashboard.shadowserver.org/statistics/combined/time-series/?date_range=7&source=http_vulnerable&source=http_vulnerable6&tag=cve-2023-35078%2B&group_by=geo&style=stacked
Still 865 instances vulnerable (2023-07-31) - down from 2729 when we first started scanning and reporting for CVE-2023-35078.
Get free daily reports of vulnerable instances in your network in our Vulnerable HTTP report - https://shadowserver.org/what-we-do/network-reporting/vulnerable-http-report/
You can also track CVE-2023-35078 exploitation attempts/checks at https://dashboard.shadowserver.org/statistics/honeypot/time-series/?date_range=7&host_type=src&vendor=ivanti&vulnerability=cve-2023-35078&group_by=geo&style=stacked
Latest patch info from Ivanti - https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US