New 0-day vulnerability CVE-2023-38035 in Ivanti Sentry

I don't know if administrators of Ivanti MobileIron solutions can still bear to hear it: the vendor is currently warning about a new 0-day vulnerability, CVE-2023-38035, in Ivanti Sentry (formerly MobileIron Sentry). Versions 9.18, 9.17 and 9.16 are affected. Older editions are also at risk, but are no longer supported.



Ivanti Sentry is an inline gateway designed to manage, encrypt and secure traffic between mobile devices and backend enterprise systems. A vulnerability, CVE-2023-38035, has now been published in this software, as pointed out in the following tweet.

Ivanti issued a security advisory on August 21, 2023 (Bleeping Computer picked it up here). The vulnerability, tracked as CVE-2023-38035, affects Ivanti Sentry versions 9.18, 9.17 and 9.16, and possibly older editions. According to the advisory, other Ivanti products or solutions such as Ivanti EPMM, MobileIron Cloud or Ivanti Neurons for MDM are not affected by this vulnerability.

An attacker can use the vulnerability to access, without authentication, some sensitive APIs used to configure Ivanti Sentry on the administrator portal (commonly called MICS). Although the vulnerability has a high CVSS score of 9.8 (see this forum post), Ivanti says the risk of exploitation is low for customers who do not expose port 8443 to the Internet.

A successful exploit can be used to change the configuration, execute system commands or write files to the system, according to Ivanti. Ivanti recommends that its customers limit access to MICS to internal management networks and not expose it to the Internet. So far, the vendor is aware of only a limited number of customers affected by CVE-2023-38035.



Ivanti immediately provided RPM scripts to mitigate the vulnerability. Details on the mitigation can be read in this post. In general, Ivanti products have attracted attention for vulnerabilities in recent weeks, after Norway's government was hacked via an Ivanti solution (see articles below).

Similar articles:
Patch your Ivanti EPMM – Norwegian government hacked via 0-day
Vulnerability CVE-2023-35082 in Ivanti MobileIron Core (up to version 11.2)

 

