Ivanti Alerts Customers to Critical Sentry RCE Vulnerability, Releases Urgent Patch

March 21, 2024

Ivanti, a leading IT software company, has disclosed a critical remote code execution flaw in its Standalone Sentry product. The vulnerability, tracked as CVE-2023-41724, carries a Common Vulnerability Scoring System (CVSS) score of 9.6. The company has urged its customers to apply the provided fixes immediately to protect against potential cyber threats.

According to Ivanti, an unauthenticated threat actor within the same physical or logical network as the appliance could exploit this vulnerability to execute arbitrary commands on the appliance's underlying operating system. The flaw affects all supported versions of the software, including 9.17.0, 9.18.0, and 9.19.0, as well as older versions. Ivanti has released a patch for versions 9.17.1, 9.18.1, and 9.19.1, available for download via the standard download portal.
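The affected and fixed versions listed above can be turned into an inventory check. The following is an added example, not Ivanti's tooling or code from the original article; the hostnames and inventory are constructed, and it assumes that version strings are dotted `major.minor.patch` and that later patch levels within a fixed branch keep the fix.

```python
import re

# Fixed releases named in the article, keyed by (major, minor) branch.
FIXED_PATCH_LEVEL = {(9, 17): 1, (9, 18): 1, (9, 19): 1}
OLDEST_FIXED_BRANCH = min(FIXED_PATCH_LEVEL)

def parse_version(text):
    """Return (major, minor, patch) from strings such as '9.18.0'."""
    match = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())

def triage(version_text):
    """Classify one Sentry version against the article's version list."""
    try:
        major, minor, patch = parse_version(version_text)
    except ValueError:
        return "unknown"  # unparseable: verify on the appliance itself
    branch = (major, minor)
    if branch in FIXED_PATCH_LEVEL:
        # Assumption: patch levels after the fixed one retain the fix.
        fixed = patch >= FIXED_PATCH_LEVEL[branch]
        return "patched" if fixed else "vulnerable"
    if branch < OLDEST_FIXED_BRANCH:
        # Older versions are affected and no fix is listed for their branch.
        return "vulnerable-no-branch-fix"
    return "not-listed"  # newer than anything the article covers

def needs_action(inventory):
    """Return sorted (host, version, status) rows for every non-patched host."""
    rows = [(host, ver, triage(ver)) for host, ver in inventory.items()]
    return sorted(row for row in rows if row[2] != "patched")

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = {
    "sentry-dmz-01.example.internal": "9.17.0",
    "sentry-dmz-02.example.internal": "9.19.1",
    "sentry-lab-01.example.internal": "9.16.2",
    "sentry-new-01.example.internal": "9.20.0",
    "sentry-old-01.example.internal": "n/a",
}

if __name__ == "__main__":
    for host, version, status in needs_action(SAMPLE_INVENTORY):
        print(f"{host:34} {version:8} {status}")
```

Hosts reported as `not-listed` or `unknown` need a manual check against the vendor advisory, since the article does not cover them.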

The company credited Vincent Hutsebaut, Pierre Vivegnis, Jerome Nokin, Roberto Suggi Liverani and Antonin B. of NATO Cyber Security Centre for their collaboration on the issue. Ivanti also stated that it was not aware of any customers affected by CVE-2023-41724 and added that threat actors without a valid TLS client certificate enrolled through EPMM cannot directly exploit this issue on the internet.

Previous security flaws in Ivanti software have been exploited by at least three different suspected China-linked cyber espionage clusters, known as UNC5221, UNC5325, and UNC3886, according to Mandiant, a cybersecurity firm.

In related news, SonarSource, a coding analytics company, revealed a mutation cross-site scripting (mXSS) flaw impacting an open-source email client called Mailspring, also known as Nylas Mail (CVE-2023-47479). This flaw could be exploited to bypass sandbox and Content Security Policy (CSP) protections and achieve code execution when a user replies to or forwards a malicious email.

Yaniv Nizry, a security researcher, explained that mXSS takes advantage of a payload that seems innocent when first parsed (during the sanitization process) but mutates into a malicious one when it is re-parsed (in the final stage of displaying the content).
