Security News > 2024 > March > Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724)
![Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724)](/static/build/img/news/ivanti-fixes-rce-vulnerability-reported-by-nato-cybersecurity-researchers-cve-2023-41724-medium.jpg)
Ivanti has fixed a critical RCE vulnerability in Ivanti Standalone Sentry that has been reported by researchers with the NATO Cyber Security Centre.
The vulnerability affects all supported version of Ivanti Standalone Sentry as well as older, unsupported ones.
Simultaneously, Ivanti has also announced available fixes for another critical vulnerability that affects Ivanti Neurons for ITSM - an IT service management solution for help desks and technical support teams.
CVE-2023-46808 has also been privately reported to Ivanti via its responsible disclosure program and the company says they are "Not aware of any customers being exploited by this vulnerability at the time of disclosure."
Ivanti has already applied the patch to all Ivanti Neurons for ITSM Cloud landscapes, the company noted.
Given the recent attacks involving the exploitation of 0-day and 1-day vulnerabilities in Ivanti Connect Secure VPN, Ivanti EPMM and MobileIron Core, Ivanti's advice for quick action is understandable.
News URL
https://www.helpnetsecurity.com/2024/03/20/cve-2023-41724-cve-2023-46808/
Related news
- High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683) (source)
- PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800) (source)
- SolarWinds fixes severe Serv-U vulnerability (CVE-2024-28995) (source)
- Microsoft fixes RCE vulnerabilities in MSMQ, Outlook (CVE-2024-30080, CVE-2024-30103) (source)
- Critical RCE flaws in vCenter Server fixed (CVE-2024-37079, CVE-2024-37080) (source)
- VMware fixes critical vCenter RCE vulnerability, patch now (source)
- Researchers Uncover UEFI Vulnerability Affecting Multiple Intel CPUs (source)
- Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool (source)
- New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems (source)
- Critical Exim vulnerability facilitates malware delivery (CVE-2024-39929) (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-03-31 | CVE-2023-46808 | Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Neurons for Itsm An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. | 9.9 |