Critical Vulnerability in Ivanti Sentry API Exploited in the Wild

August 21, 2023

Ivanti, a US-based IT software firm, has alerted its users to a severe vulnerability in its Sentry API that is being actively exploited. The vulnerability, identified as CVE-2023-38035, allows unauthenticated attackers to access sensitive administrative portal configuration APIs via port 8443.

Ivanti Sentry, formerly known as MobileIron Sentry, is a crucial part of many corporate digital ecosystems. It serves as a gatekeeper for major platforms like Microsoft Exchange Server and backend resources like SharePoint in MobileIron deployments. It also functions as a Kerberos Key Distribution Center Proxy (KKDCP) server.

The vulnerability, CVE-2023-38035, has a high CVSS score of 9.8 and affects the MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and lower. The issue arises from an insufficiently restrictive Apache HTTPD configuration, which lets attackers bypass the authentication controls on the admin interface. As a result, unauthenticated attackers can potentially reach the sensitive admin portal configuration APIs that the MobileIron Configuration Service (MICS) exposes on port 8443. Importantly, this vulnerability does not affect other Ivanti products like Ivanti EPMM or Ivanti Neurons for MDM.

Once they have reached these APIs, attackers can potentially alter settings, execute system commands, or write files onto the system, compromising its integrity. In their official statement, Ivanti strongly recommended that “Customers should insulate MICS access to internal management networks and staunchly resist any exposure to the internet.”

Ivanti has responded swiftly to this issue. A security patch addressing this vulnerability was quickly released following its discovery. In their most recent communication, Ivanti stated that this vulnerability impacted only a 'limited number of customers.'
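The following triage script is an added example, not code from Ivanti or from the original article. It combines the two facts above (affected range of 9.18.0 and lower, MICS on port 8443 to be reachable only from internal management networks) to rank Sentry hosts for follow-up. The host names, version strings, rule format and management CIDR are constructed assumptions, and a version in the affected range only means the host's patch status still has to be confirmed.

```python
import ipaddress

# Affected range as stated in this article: Sentry 9.18.0 and lower.
AFFECTED_MAX = (9, 18, 0)
MICS_PORT = 8443  # MICS admin portal port named in the article

def parse_version(text):
    """Turn '9.17.0' into (9, 17, 0); pad short versions with zeros."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def outside_mgmt(source_cidr, mgmt_networks):
    """True if an allowed source is not fully inside a management network."""
    src = ipaddress.ip_network(source_cidr, strict=False)
    return not any(src.version == n.version and src.subnet_of(n) for n in mgmt_networks)

def audit(hosts, mgmt_cidrs):
    """Return one finding per host: version status plus 8443 sources to remove."""
    mgmt = [ipaddress.ip_network(c) for c in mgmt_cidrs]
    findings = []
    for h in hosts:
        in_range = parse_version(h["version"]) <= AFFECTED_MAX
        bad_sources = [
            r["source"] for r in h["allow_rules"]
            if r["port"] == MICS_PORT and outside_mgmt(r["source"], mgmt)
        ]
        # Two risk factors: affected version range, and 8443 open beyond management.
        score = int(in_range) + int(bool(bad_sources))
        findings.append({"host": h["name"], "in_affected_range": in_range,
                         "exposed_sources": bad_sources,
                         "priority": ("ok", "review", "urgent")[score]})
    return findings

# Constructed sample inventory (hypothetical hosts and firewall allow-rules).
SAMPLE_HOSTS = [
    {"name": "sentry-dmz-01", "version": "9.17.0",
     "allow_rules": [{"port": 443, "source": "0.0.0.0/0"},
                     {"port": 8443, "source": "0.0.0.0/0"}]},
    {"name": "sentry-int-02", "version": "9.18.0",
     "allow_rules": [{"port": 8443, "source": "10.20.0.0/24"}]},
    # 99.0.0 is a placeholder for any release above the affected range.
    {"name": "sentry-lab-03", "version": "99.0.0",
     "allow_rules": [{"port": 8443, "source": "192.168.50.0/24"}]},
]
SAMPLE_MGMT = ["10.20.0.0/16"]  # constructed management network

if __name__ == "__main__":
    for finding in audit(SAMPLE_HOSTS, SAMPLE_MGMT):
        print(finding)
```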
