Security News > 2023 > August > Ivanti Warns of Critical Zero-Day Flaw Being Actively Exploited in Sentry Software
Software services provider Ivanti is warning of a new critical zero-day flaw impacting Ivanti Sentry that it said is being actively exploited in the wild, marking an escalation of its security woes.
"If exploited, this vulnerability enables an unauthenticated actor to access some sensitive APIs that are used to configure the Ivanti Sentry on the administrator portal," the company said.
Norwegian cybersecurity company mnemonic has been credited with discovering and reporting the flaw.
"Successful exploitation allows an unauthenticated threat actor to read and write files to the Ivanti Sentry server and execute OS commands as system administrator through use of 'super user do'," it said.
What's more, CVE-2023-38035 could be weaponized after exploiting CVE-2023-35078 and CVE-2023-35081, two other recently disclosed flaws in the Ivanti Endpoint Manager Mobile in scenarios where port 8443 is not publicly accessible as the admin portal is used to communicate with the Ivanti EPMM server.
The development comes a week after Ivanti fixed two critical stack-based buffer overflow flaws in its Avalanche software that could lead to crashes and arbitrary code execution on vulnerable installations.
News URL
https://thehackernews.com/2023/08/ivanti-warns-of-critical-zero-day-flaw.html
Related news
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- Palo Alto Networks tackles firewall-busting zero-days with critical patches (source)
- Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities (source)
- Three more vulns spotted in Ivanti CSA, all critical, one 10/10 (source)
- Cleo patches critical zero-day exploited in data theft attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-21 | CVE-2023-38035 | Incorrect Authorization vulnerability in Ivanti Mobileiron Sentry A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. | 9.8 |
2023-08-03 | CVE-2023-35081 | Path Traversal vulnerability in Ivanti Endpoint Manager Mobile A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance. | 7.2 |
2023-07-25 | CVE-2023-35078 | Improper Authentication vulnerability in Ivanti Endpoint Manager Mobile An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication. | 9.8 |