Pierluigi Paganini August 22, 2023

Ivanti warned customers of a new critical Sentry API authentication bypass vulnerability tracked as CVE-2023-38035.

The software company Ivanti released urgent security patches to address a critical-severity vulnerability, tracked as CVE-2023-38035 (CVSS score 9.8), in the Ivanti Sentry (formerly MobileIron Sentry) product.

The vulnerability could be exploited to access sensitive API data and configurations, run system commands, or write files onto the system. The vulnerability CVE-2023-38035 impacts Sentry versions 9.18 and prior.

“If exploited, this vulnerability enables an unauthenticated actor to access some sensitive APIs that are used to configure the Ivanti Sentry on the administrator portal (port 8443, commonly MICS). While the issue has a high CVSS score, there is a low risk of exploitation for customers who do not expose port 8443 to the internet.” reads the advisory published by the company. Successful exploitation can be used to change configuration, run system commands, or write files onto the system. Ivanti recommends that customers restrict access to MICS to internal management networks and not expose this to the internet.”

The company is aware of a limited number of customers impacted by this vulnerability

The company pointed out that there is a low risk of exploitation for customers who do not expose port 8443 to the internet.

Ivanti recommends that customers restrict access to MICS to internal management networks and avoid exposing this to the internet.

Other issues, tracked as CVE-2023-35078 and CVE-2023-35081, in the software Ivanti Endpoint Manager Mobile (EPMM), previously known as MobileIron Core, were actively exploited since April by nation-state actors.

The zero-day vulnerability CVE-2023-35078 was exploited by threat actors in recent attacks against the ICT platform used by twelve ministries of the Norwegian government.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Ivanti)