A critical vulnerability exists in Ivanti Sentry, formerly known as MobileIron Sentry, and attackers are actively exploiting it. The vendor has now released an update intended to close this zero-day vulnerability.
Ivanti Sentry manages and encrypts traffic between mobile devices and corporate systems. In version 9.18 and earlier of the software, remote attackers can, without prior login, access sensitive APIs that are used to configure Sentry on the admin portal. If successful, malicious actors can change the configuration, issue system commands, or write files to the system (CVE-2023-38035, CVSS 9.8, risk “critical”). According to the vulnerability description, attackers can bypass authentication on the management interface because of an insufficiently restrictive Apache HTTPD configuration.
Zero-day vulnerability: Has anything happened yet?
In the security advisory, Ivanti writes that, although the vulnerability has a high CVSS score, the risk of abuse is low for customers who do not expose port 8443, on which the service runs, to the Internet. Ivanti accordingly recommends restricting access to that port. The company is currently aware of only a limited number of affected customers.
In a knowledge base entry, Ivanti clarifies that the company is aware of exploitation of the vulnerability at some customers. The vendor provides RPM packages for versions 9.18, 9.17 and 9.16 that are intended to close the gap in the respective versions. Versions that are no longer supported cannot be protected in this way, Ivanti adds. Administrators should make sure to use the correct RPM for the installed version; otherwise the patch will either be ineffective or may cause unwanted side effects.
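An added example, not from Ivanti or the original article: a triage helper for an inventory of Sentry hosts that checks whether the admin port 8443 answers from the machine it runs on and maps the installed release to the RPM guidance above. The function names and the sample inventory are constructed, and treating releases before 9.16 as the unsupported ones is an assumption drawn from the list of RPMs.

```python
import socket

# Releases for which the article says a fixing RPM is provided.
PATCHABLE = {(9, 16), (9, 17), (9, 18)}
ADMIN_PORT = 8443  # admin portal port named in the article


def port_state(host, port=ADMIN_PORT, timeout=3.0):
    """Return 'open', 'closed' or 'filtered' for one TCP connect attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"    # host answered, nothing is listening
    except OSError:
        return "filtered"  # timed out, unreachable or unresolvable


def release(version):
    """'9.17.0' -> (9, 17); raises ValueError on malformed input."""
    major, minor = version.strip().split(".")[:2]
    return int(major), int(minor)


def triage(version, state):
    """Map installed release and port state to the action the article gives."""
    rel = release(version)
    if rel in PATCHABLE:
        action = "apply the RPM built for %d.%d" % rel
    elif rel < min(PATCHABLE):  # assumption: pre-9.16 is unsupported
        action = "unsupported release: no RPM available"
    else:
        action = "newer than the releases the article lists"
    if state == "open":
        action += "; restrict access to port %d" % ADMIN_PORT
    return action


def audit(inventory, port=ADMIN_PORT, timeout=3.0):
    """inventory: iterable of (host, version) -> [(host, state, action)]."""
    rows = []
    for host, version in inventory:
        state = port_state(host, port, timeout)
        rows.append((host, state, triage(version, state)))
    return rows


if __name__ == "__main__":
    # Constructed inventory; replace with your own hosts and versions.
    for row in audit([("127.0.0.1", "9.18.0"), ("127.0.0.1", "9.12.1")]):
        print(*row, sep="\t")
```

Run it from a network that should not reach the admin portal: "open" from there means port 8443 is exposed to that vantage point.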
IT managers should apply the updates as soon as possible. Earlier this month, Ivanti warned of a critical vulnerability in the MobileIron mobile device management software. Since the affected software versions were no longer supported, the solution was to update to the successor product Endpoint Manager Mobile (EPMM).
(dmk)