News

Security Snippets: Ivanti faced with a third critical vulnerability according to CISA

25 January 2024
Image
Image

CISA has added a new Ivanti vulnerability to its known exploited vulnerability catalogue. This vulnerability can be paired with other recently-reported vulnerabilities to permit threat actors to write malicious web shell files to the appliance.

CISA added a third vulnerability in Ivanti’s Endpoint Manager Mobile (EPMM) to its known exploited vulnerabilities (KEV) catalogue. This vulnerability is tracked as CVE-2023-35082 and has received a severity score of 9.8 out of 10—it can be used as a patch bypass for an additional Ivanti vulnerability that was used in against the Norwegian government in April 2023.

Previous Ivanti vulnerabilities have been addressed in Hogan Lovells thought leadership. Ivanti released a patch for the first vulnerability on January 22 and plans to release a patch for the second vulnerability on February 19. Ivanti is aware of CVE-2023-35082 and has encouraged customers to update their technology for the greatest possible protection.

CISA recommends federal agencies to apply patches to all existing vulnerabilities by February 8, 2024.

 

Authored by Nathan Salminen and Rachel Dalton.

Contacts

bio-image

Nathan Salminen

Partner

location Washington, D.C.

View more

Related topics

Related countries

Load more

Related keywords

Load more

Articles you may be interested in

image_1
News

Security Snippets: CISA publishes sector-specific cyber performance goals for IT and product design

17 January 2025
image_1
Insights and Analysis

New DOJ rule limits cross-border data transfers to protect national security

13 January 2025
image_1
News

The Influencers Podcast: From Courtroom to Cybercrime Prevention

18 December 2024
image_1
News

Security Snippets: Survey indicates that a large share of employees circumvent company cyber policies

18 December 2024
image_1
News

What is quantum computing and what’s all the fuss about it?

06 September 2024
image_1
News

Amid booming demand, NTIA seeks comment on U.S. data centers’ growth, resilience, and security

05 September 2024
image_1
News

The Data Chronicles: Net Neutrality alters the online ecosystem

23 May 2024
image_1
News

AI health care firms face increasing state law compliance concerns

23 May 2024
image_1
Insights and Analysis

Optimists see opportunities; pessimists see risk. Your counsel should see both.

20 May 2024
left_arrow
right_arrow

View more insights and analysis

arrow
arrow

Register now to receive personalized content and more!

 

Register
close
See benefits
Register