Satnam

The recent disclosure of CVE-2023-38035, an API authentication bypass vulnerability in Ivanti Sentry, is the third zero-day vulnerability disclosed in Ivanti products in the last month, which includes CVE-2023-35078 and CVE-2023-35081, two flaws in Ivanti’s Endpoint Mobile Manager (EPMM) product. The common thread between them is that two of the three zero-days (CVE-2023-35081 and CVE-2023-38035) were disclosed to Ivanti by researchers at mnemonic. The first two vulnerabilities were exploited as part of an attack chain observed in attacks against twelve Norwegian government ministries. We don’t have any definitive confirmation that CVE-2023-38035 was also used in those attacks, but Ivanti does note that CVE-2023-38035 was exploited as part of an attack chain that was preceded by the exploitation of CVE-2023-35078 and CVE-2023-35081.

–Satnam Narang, Sr. Staff Research Engineer, Tenable