CxoToday
CxoToday
HomePress ReleaseIvanti Discloses Third Zero-day Vulnerability: Comment from Satnam Narang, Sr. Staff Research Engineer, Tenable
Press Release

Ivanti Discloses Third Zero-day Vulnerability: Comment from Satnam Narang, Sr. Staff Research Engineer, Tenable

CXOtoday News DeskCXOtoday News Desk

The recent disclosure of CVE-2023-38035, an API authentication bypass vulnerability in Ivanti Sentry, is the third zero-day vulnerability disclosed in Ivanti products in the last month, which includes CVE-2023-35078 and CVE-2023-35081, two flaws in Ivanti’s Endpoint Mobile Manager (EPMM) product. The common thread between them is that two of the three zero-days (CVE-2023-35081 and CVE-2023-38035) were disclosed to Ivanti by researchers at mnemonic. The first two vulnerabilities were exploited as part of an attack chain observed in attacks against twelve Norwegian government ministries. We don’t have any definitive confirmation that CVE-2023-38035 was also used in those attacks, but Ivanti does note that CVE-2023-38035 was exploited as part of an attack chain that was preceded by the exploitation of CVE-2023-35078 and CVE-2023-35081. –Satnam Narang, Sr. Staff Research Engineer, Tenable

Tags :Tenable
add a comment

Leave a Response

You Might Also Like

CxoToday
CXOtoday is a premier resource on the world of IT, relevant to key business decision makers. We offer IT perspective & news to the C-suite audience. We also provide business and technology news to those who evaluate, invest, and manage the IT infrastructure of organizations. CXOtoday has a well-networked and strong community that encourages discussions on what’s happening in the world of IT and its impact on businesses.

Useful Links

Information

Connect

Facebook Twitter Linkedin

Copyright © 2024 Trivone. All Rights Reserved.

channeltimes
Techtree
SupportBiz
khelnama