Ivanti Releases Security Updates for Authentication Bypass Vulnerability Affecting Sentry
Ivanti customers have seen exploitation of CVE-2023-38035 in Sentry when port 8443 is exposed to the internet
Summary
Ivanti customers have seen exploitation of CVE-2023-38035 in Sentry when port 8443 is exposed to the internet
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
Ivanti has released security updates to address an authentication bypass vulnerability known as CVE-2023-38035, which affects Ivanti Sentry, formerly known as MobileIron Sentry. The CVSSv3 score is 9.8, though Ivanti states that there is a low risk of exploitation for customers who do not expose port 8443 to the internet.
A remote, unauthenticated attacker could exploit this vulnerability to change configuration files, run system commands, or write files onto the system.
Exploitation of CVE-2023-38035
Ivanti reports that there has been exploitation of CVE-2023-38035. Exploitation is only possible though the System Manager Portal, hosted on port 8443 by default.
Remediation advice
Affected organisations are encouraged to review the following Ivanti documentation and apply any relevant security updates.
- Blog Post - CVE-2023-38035 - Vulnerability affecting Ivanti Sentry
- Security Advisory - CVE-2023-38035 – API Authentication Bypass on Sentry Administrator Interface
- Knowledge Base article (detailed information on how to access and apply the remediation) - KB API Authentication Bypass on Sentry Administrator Interface - CVE-2023-38035
Definitive source of threat updates
- https://www.ivanti.com/blog/cve-2023-38035-vulnerability-affecting-ivanti-sentry
- https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface?language=en_US
- https://forums.ivanti.com/s/article/KB-API-Authentication-Bypass-on-Sentry-Administrator-Interface-CVE-2023-38035?language=en_US
Last edited: 22 August 2023 12:59 pm