On January 18, 2023, the United States (US) Cybersecurity and Infrastructure Security Agency (CISA) added to the Known Exploited Vulnerability (KEV) Catalog CVE-2023-3508, a critical vulnerability (CVSS 9.8) impacting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core.
Impacted versions include 11.10 and older, and consisting of an authentication bypass enabling a potential remote unauthenticated attacker to gain unauthorized access to restricted functionality or resources of the application. Patches for this vulnerability were released last August when the flaw was first disclosed.
According to the CISA, there are no definite indications to attribute the exploitation in the wild to an identifiable actor. However, intelligence reports suggest a possible linkage to China-nexus actors. This assessment would be consistent with the recent reporting on exploitation of separate Ivanti vulnerabilities.