New Zero-Day Bug Affects All Versions of Ivanti Sentry

Zero-Day Can Be Exploited by Chaining It With Last Month's Ivanti MobileIron Bugs

Mobile endpoint security vendor Ivanti disclosed a critical vulnerability that could allow an attacker to take complete control of an Ivanti Sentry gateway server, which stands between mobile devices and back-end infrastructure.

The vulnerability, tracked as CVE-2023-38035, has a severity score of 9.8 and can be exploited by chaining it with the zero-days disclosed earlier in Ivanti's Endpoint Manager Mobile platform, said researchers at Mnemonic, who reported the bug.

Ivanti said it is aware of the bug being exploited against a limited number of customers but did not reveal further specifics.

Successful exploitation of CVE-2023-38035 allows an unauthenticated threat actor to read and write files on the Ivanti Sentry server and execute operating system commands as a system administrator using "super user do," or sudo, the researchers say.

An attacker can bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration, Ivanti said in a separate security advisory.

Exploitation of the latest zero-day is possible only through some API endpoints in the MobileIron Configuration Service, or System Manager Portal, which runs by default on port 8443. "If port 8443 is not exposed to the internet, a threat actor requires internal access," the researchers said.

"The vulnerable System Manager Portal is used to communicate with the Ivanti EPMM server," they said, which allows CVE-2023-38035 to be chained with the zero-day bugs disclosed earlier.

Ivanti on July 23 patched a critically rated zero-day vulnerability in its Endpoint Manager Mobile platform - formerly known as MobileIron Core - after an unidentified threat actor used it to attack a dozen Norwegian government ministries (see: Ivanti Zero-Day Used in Norway Government Breach).

The company later released a second emergency patch (see: Ivanti Says Second Zero-Day Used in Norway Government Breach).

Government security agencies in Australia and Germany recommended that users update their vulnerable Sentry products.
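
The researchers' point about port 8443 exposure can be checked against an exported firewall policy. The following is an added example, not code from Ivanti, Mnemonic or this article: it flags allow rules that let non-internal sources reach the System Manager Portal port on Sentry hosts. The rule format, host names, sample rules and the choice of RFC 1918 ranges as "internal" are all assumptions.

```python
import ipaddress

SENTRY_ADMIN_PORT = 8443  # System Manager Portal default port, per the article

# Assumption: "internal" means RFC 1918 space; adjust to the site's management networks.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample rules (hypothetical format, not taken from any real device).
SAMPLE_RULES = [
    {"id": "r1", "action": "allow", "src": "0.0.0.0/0", "dst": "sentry-gw", "ports": "443"},
    {"id": "r2", "action": "allow", "src": "10.20.0.0/24", "dst": "sentry-gw", "ports": "8443"},
    {"id": "r3", "action": "allow", "src": "0.0.0.0/0", "dst": "sentry-gw", "ports": "8000-9000"},
    {"id": "r4", "action": "allow", "src": "203.0.113.0/24", "dst": "sentry-gw", "ports": "22,8443"},
    {"id": "r5", "action": "deny", "src": "0.0.0.0/0", "dst": "sentry-gw", "ports": "8443"},
    {"id": "r6", "action": "allow", "src": "0.0.0.0/0", "dst": "web-01", "ports": "8443"},
]

def port_matches(spec, port):
    """True if a port spec such as '22,8443', '8000-9000' or 'any' covers the port."""
    for part in spec.split(","):
        part = part.strip()
        if part in ("any", "*"):
            return True
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def is_internal(cidr):
    """True only if the whole source range sits inside one of INTERNAL_NETS."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == n.version and net.subnet_of(n) for n in INTERNAL_NETS)

def exposed_admin_rules(rules, sentry_hosts, port=SENTRY_ADMIN_PORT):
    """Return ids of allow rules exposing the admin port to non-internal sources.

    This is a flat scan of every rule; it does not model first-match ordering,
    so a finding means the rule needs review, not that traffic is certain to pass.
    """
    findings = []
    for rule in rules:
        if rule["action"] != "allow" or rule["dst"] not in sentry_hosts:
            continue
        if port_matches(rule["ports"], port) and not is_internal(rule["src"]):
            findings.append(rule["id"])
    return findings

if __name__ == "__main__":
    print(exposed_admin_rules(SAMPLE_RULES, {"sentry-gw"}))
```

Wide port ranges such as rule r3 are the easy case to miss when searching a policy for the literal string 8443.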

About the Author

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.
