Ivanti Releases Urgent Patch for Zero-Day Vulnerability in Sentry Gateway
August 22, 2023
Ivanti has released a security patch to address a critical vulnerability in its Sentry security gateway product. The vulnerability, identified as CVE-2023-38035, is present in the interface that administrators use to set security policies and allows attackers to bypass authentication controls. This flaw affects all supported Sentry versions (9.18, 9.17, and 9.16), with older, unsupported versions also at risk.
If the vulnerability is exploited, it would enable an unauthenticated actor to access sensitive APIs used to configure Ivanti Sentry on the administrator portal (port 8443, commonly MICS), according to the company's statement. Successful exploitation could lead to unauthorized changes to the gateway's configuration, execution of system commands, and writing of arbitrary files on the system.
As a risk mitigation measure, Ivanti has advised organizations to restrict access to the administrator portal to internal management networks and not to expose it to the Internet. The vulnerability has been given a severity rating of 9.8 out of a possible 10, indicating its critical nature. However, Ivanti states that the flaw poses minimal risk for organizations that do not expose port 8443 (used for HTTPS or SSL-encrypted web traffic) to the Internet.
While there have been media reports of CVE-2023-38035 being actively exploited at the time of Ivanti's disclosure, the company has not confirmed these claims. The company has also not provided information on the number of customers potentially compromised by this vulnerability, instead referring to a blog and advisory published on the issue.
Ivanti has stated it is aware of only a 'very limited number of customers' being impacted by the vulnerability. Ivanti Sentry, formerly known as MobileIron Sentry, is part of Ivanti's broader portfolio of Unified Endpoint Management products. It serves as a gateway technology that enables organizations to manage, encrypt, and protect traffic between mobile devices and backend systems.
This is not the first time Ivanti has had to deal with vulnerabilities in its products. Last month, attackers exploited a remote API access vulnerability in the Ivanti Endpoint Manager (CVE-2023-35078) to breach systems of 12 Norwegian government agencies, leading to data theft, configuration changes, and admin account additions. Earlier this month, Ivanti disclosed another bug (CVE-2023-32560) in its Avalanche mobile management technology.
Ivanti has credited security vendor mnemonic for reporting the latest bug and states that it acted swiftly to address the issue by making RedHat Package Manager (RPM) scripts available for all supported versions. The company has warned that installing the incorrect RPM script could prevent the vulnerability from being remediated or cause system instability.