Ivanti has disclosed details of a critical remote code execution flaw affecting Standalone Sentry, urging customers to apply the fixes immediately to stay protected against potential cyber threats.
Tracked as CVE-2023-41724, the vulnerability carries a CVSS score of 9.6.
“An unauthenticated threat actor can execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network,” the company said.

The flaw affects all supported versions 9.17, 9.18, and 9.19, as well as older versions. The company said it has made a patch available (versions 9.17.1, 9.18.1, and 9.19.1) that can be downloaded through the standard download portal.
It credited Vincent Hutsebaut, Pierre Vivegnis, Jerome Nokin, Roberto Suggi Liverani and Antonin B. of the NATO Cyber Security Centre for “their collaboration on this issue.”
Ivanti emphasized that it is not aware of any customers affected by CVE-2023-41724, and added that “threat actors without a valid TLS client certificate enrolled through EPMM cannot directly exploit this issue on the internet.”
Recently disclosed security flaws in Ivanti software have been exploited by at least three distinct suspected China-linked cyber espionage clusters tracked as UNC5221, UNC5325, and UNC3886, according to Mandiant.
The development comes as SonarSource disclosed a mutation cross-site scripting (mXSS) flaw affecting an open-source email client called Mailspring, aka Nylas Mail (CVE-2023-47479), that could be exploited to bypass sandbox and Content Security Policy (CSP) protections and gain code execution when a user replies to or forwards a malicious email.
“mXSS takes advantage of that by supplying a payload that seems innocent initially when parsing (during the sanitization process) but mutates it to a malicious one when re-parsing it (in the final stage of displaying the content),” security researcher Yaniv Nizry said.
Some sections of this article are sourced from:
thehackernews.com