Threat Advisories

Ivanti Addressed Second Zero-Day Flaw Exploited by Attackers

August 3, 2023

Threat Level

Vulnerability Report

For a detailed threat advisory, download the pdf file here

Summary

The zero-day vulnerability (CVE-2023-35081) in Ivanti EPMM enables admin-authenticated attackers to write arbitrary files, risking unauthorized access, OS command execution, and malicious web shell deployment. Urgent patching is crucial to prevent widespread impact and data compromise.

To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.

CISA Known Exploited Vulnerability Catalog July 2023

STARK#MULE Targets South Korea with US Military-themed Baits