Security News > 2023 > August > Ivanti Warns of Critical Zero-Day Flaw Being Actively Exploited in Sentry Software

Ivanti Warns of Critical Zero-Day Flaw Being Actively Exploited in Sentry Software
2023-08-22 04:45

Software services provider Ivanti is warning of a new critical zero-day flaw impacting Ivanti Sentry that it said is being actively exploited in the wild, marking an escalation of its security woes.

"If exploited, this vulnerability enables an unauthenticated actor to access some sensitive APIs that are used to configure the Ivanti Sentry on the administrator portal," the company said.

Norwegian cybersecurity company mnemonic has been credited with discovering and reporting the flaw.

"Successful exploitation allows an unauthenticated threat actor to read and write files to the Ivanti Sentry server and execute OS commands as system administrator through use of 'super user do'," it said.

What's more, CVE-2023-38035 could be weaponized after exploiting CVE-2023-35078 and CVE-2023-35081, two other recently disclosed flaws in the Ivanti Endpoint Manager Mobile in scenarios where port 8443 is not publicly accessible as the admin portal is used to communicate with the Ivanti EPMM server.

The development comes a week after Ivanti fixed two critical stack-based buffer overflow flaws in its Avalanche software that could lead to crashes and arbitrary code execution on vulnerable installations.


News URL

https://thehackernews.com/2023/08/ivanti-warns-of-critical-zero-day-flaw.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-08-21 CVE-2023-38035 Incorrect Authorization vulnerability in Ivanti Mobileiron Sentry
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
network
low complexity
ivanti CWE-863
critical
9.8
2023-08-03 CVE-2023-35081 Path Traversal vulnerability in Ivanti Endpoint Manager Mobile
A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.
network
low complexity
ivanti CWE-22
7.2
2023-07-25 CVE-2023-35078 Improper Authentication vulnerability in Ivanti Endpoint Manager Mobile
An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.
network
low complexity
ivanti CWE-287
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Ivanti 26 9 64 115 60 248
Sentry 4 1 9 2 0 12