Security News > 2023 > August > Exploit released for Ivanti Sentry bug abused as zero-day in attacks
![Exploit released for Ivanti Sentry bug abused as zero-day in attacks](/static/build/img/news/exploit-released-for-ivanti-sentry-bug-abused-as-zero-day-in-attacks-medium.jpg)
Proof-of-concept exploit code is now available for a critical Ivanti Sentry authentication bypass vulnerability that enables attackers to execute code remotely as root on vulnerable systems.
Successful exploitation can let them run system commands or write files onto systems running Ivanti Sentry versions 9.18 and prior.
According to a Shodan search, more than 500 Ivanti Sentry instances are currently exposed online.
Ivanti warns of new actively exploited MobileIron zero-day bug.
Ivanti patches MobileIron zero-day bug exploited in attacks.
Exploit released for new Arcserve UDP auth bypass vulnerability.
News URL
Related news
- Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery (source)
- Google fixes fifth Chrome zero-day exploited in attacks this year (source)
- Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671) (source)
- Apple backports fix for zero-day exploited in attacks to older iPhones (source)
- Microsoft fixes Windows zero-day exploited in QakBot malware attacks (source)
- PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers (source)
- Microsoft fixes a bug abused in QakBot attacks plus a second under exploit (source)
- PoC exploit for Ivanti EPMM privilege escalation flaw released (CVE 2024-22026) (source)
- QNAP QTS zero-day in Share feature gets public RCE exploit (source)
- GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack (source)