Blog
>
News
2
 Min read

Norwegian Government Targeted by Zero-Day Exploit

Published on 
Dec 26, 2023
Norwegian Government Targeted by Zero-Day Exploit

On Tuesday, the Norwegian National Security Authority (NSM) confirmed that a zero-day vulnerability, identified as CVE-2023-35078, was exploited to target the Norwegian government. The attack affected 12 Norwegian ministries and was executed through the ICT platform utilized by these ministries. Initially, the government did not disclose the name of the platform but later confirmed it to be Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core. The platform is used by all Norwegian ministries except for the Office of the Prime Minister, the Ministry of Defence, the Ministry of Justice and Public Security, and the Ministry of Foreign Affairs.

Erik Hope, Director General of the Norwegian Government Security and Service Organisation (DSS), stated that the vulnerability in the supplier’s software was previously unknown and had been exploited by an unknown third party. However, the vulnerability has now been fixed. The attack was detected on July 12 after unusual traffic was observed on the vulnerable mobile endpoint management platform.

CVE-2023-35078 is an authentication bypass vulnerability that grants remote unauthenticated API access to specific paths within EPMM. Through this exploit, an attacker could access personally identifiable information (PII), such as names, phone numbers, and other mobile device details of users on the compromised system. Additionally, the attacker could make various configuration changes, including creating an EPMM administrative account with further privileges.

Ivanti received information from a credible source confirming the exploitation of this vulnerability but stated that the impact was limited, affecting only a few customers. Nevertheless, it is crucial for organizations to upgrade to the fixed versions (11.10.0.2, 11.9.1.1, and 11.8.1.1) to address the issue.

The severity of the flaw is indicated by its “perfect” 10.0 CVSS score, and security researcher Kevin Beaumont warns that it is straightforward to exploit. He advises administrators to upgrade to the patched version as soon as possible. Shodan, an IoT search engine, identified over 2,900 internet-facing EPMM user portals, primarily in the US and Europe, raising concerns about potentially vulnerable systems.

Although rumors about the zero-day exploit emerged before Ivanti’s official disclosure, the company delayed the release to prevent further misuse. Sofie Nystrøm, director of the National Security Agency, emphasized the importance of the timely update and urged users to apply the security fix promptly.

The Norwegian National Cyber Security Center has taken action by notifying known system owners (businesses) in Norway that have MobileIron Core accessible on the internet about the released security update. However, it’s yet to be publicly shared whether other entities beyond the Norwegian government were affected by this attack.

By clicking "Accept" you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts.