Software services provider Ivanti is warning of a new critical zero-day flaw impacting Ivanti Sentry (formerly MobileIron Sentry) that it said is being actively exploited in the wild, marking an escalation of its security woes.
Tracked as CVE-2023-38035 (CVSS score: 9.8), the issue has been described as a case of authentication bypass impacting versions 9.18 and prior, due to what it called an insufficiently restrictive Apache HTTPD configuration.
“If exploited, this vulnerability enables an unauthenticated actor to access some sensitive APIs that are utilized to configure the Ivanti Sentry on the administrator portal (port 8443, usually MICS),” the company said.
“Although the issue has a high CVSS rating, there is a lower risk of exploitation for clients who do not expose port 8443 to the internet.”
Successful exploitation of the bug could allow an attacker to change configuration, run system commands, or write files onto the system. It's recommended that users restrict access to MICS to internal management networks.
While exact details surrounding the nature of exploitation are currently unknown, the company said it's “only aware of a limited number of clients” who have been impacted.
Norwegian cybersecurity company mnemonic has been credited with discovering and reporting the flaw.
“Successful exploitation allows an unauthenticated threat actor to read and write information to the Ivanti Sentry server and execute OS commands as system administrator (root) through use of ‘super user do’ (sudo),” it said.
What's more, CVE-2023-38035 could be weaponized after exploiting CVE-2023-35078 and CVE-2023-35081, two other recently disclosed flaws in Ivanti Endpoint Manager Mobile (EPMM), in scenarios where port 8443 is not publicly accessible, as the admin portal is used to communicate with the Ivanti EPMM server.
The development comes a week after Ivanti fixed two critical stack-based buffer overflow flaws (CVE-2023-32560) in its Avalanche software that could lead to crashes and arbitrary code execution on vulnerable installations.