Pierluigi Paganini
March 21, 2024
Ivanti addressed a critical remote code execution vulnerability, tracked as CVE-2023-41724 (CVSS score of 9.6), impacting Standalone Sentry solution.
An unauthenticated attacker can exploit this vulnerability to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.
“An unauthenticated threat actor can execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.” reads the advisory.
This vulnerability affects all supported versions 9.17.0, 9.18.0, and 9.19.0. Older versions are also impacted.
The company urge customers to install the available versions 9.17.1, 9.18.1, and 9.19.1, which address the issue.
Vincent Hutsebaut, Pierre Vivegnis, Jerome Nokin, Roberto Suggi Liverani and Antonin B. of the NATO Cyber Security Centre reported the vulnerability.
Ivanti is not aware of attacks in the wild exploiting the vulnerability CVE-2023-41724.
“We are not aware of any customers being exploited by this vulnerability at the time of disclosure. Threat actors without a valid TLS client certificate enrolled through EPMM cannot directly exploit this issue on the Internet.” reads the advisory.
In early February, the Five Eyes intelligence alliance issued a joint cybersecurity advisory warning of threat actors exploiting known vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways.
The advisory provides details about the exploitation in the wild of Connect Secure and Policy Secure vulnerabilities CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893. Multiple threat actors are chaining these issues to bypass authentication, craft malicious requests, and execute arbitrary commands with elevated privileges.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, DoS)
