Ivanti Issues Fix for Critical Vuln in Its Sentry Gateway Technology

Published: 23/11/2024   Category: security




Security vendor will not say if attackers are already actively exploiting the flaw, as some reports have claimed.



Organizations using almost any version of the Ivanti Sentry security gateway product might want to immediately apply the security patch that the company released today to address what appears to be a zero-day vulnerability in the technology.
The vulnerability, tracked as CVE-2023-38035, is present in the interface that administrators use to configure security policies and gives attackers a way to bypass authentication controls. The flaw affects all supported Sentry versions (9.18, 9.17, and 9.16). Older, non-supported versions and releases of Sentry are also at risk of exploit via the vulnerability.
If exploited, this vulnerability enables an unauthenticated actor to access some sensitive APIs that are used to configure the Ivanti Sentry on the administrator portal (port 8443, commonly MICS), the vendor said in a statement. 
An attacker that successfully exploits the bug can change the gateway's configuration, execute system commands, and write arbitrary files on the system. To mitigate risk, organizations should restrict access to the administrator portal to only internal management networks and not to the Internet, Ivanti said.
The bug has a severity rating of 9.8 out of a possible 10, making it a critical issue. However, according to Ivanti, the flaw poses little risk for organizations that do not expose port 8443 — for HTTPS or SSL encrypted Web traffic — to the Internet.
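One way to check the mitigation described above against an ordered firewall rule set, as an added example that is not from Ivanti or the original article. The rule format, the management ranges, and the sample rules are assumptions constructed for illustration.

```python
import ipaddress

ADMIN_PORT = 8443  # administrator portal (MICS) port named in the article

# Assumption: these ranges stand in for your internal management networks.
MGMT_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "192.168.50.0/24")]

def _within(src, nets):
    """True if src lies entirely inside one of nets (same IP version only)."""
    return any(src.version == n.version and src.subnet_of(n) for n in nets)

def audit(rules, port=ADMIN_PORT, mgmt_nets=MGMT_NETS):
    """Return (index, source) for each allow rule that lets a source outside
    the management networks reach `port`. Rules are ordered, first match wins."""
    findings, denied = [], []
    for idx, rule in enumerate(rules):
        low, high = rule["ports"]
        if not low <= port <= high:
            continue                      # rule does not touch the admin port
        src = ipaddress.ip_network(rule["src"])
        if rule["action"] == "deny":
            denied.append(src)            # later rules inside this are shadowed
        elif not _within(src, denied) and not _within(src, mgmt_nets):
            findings.append((idx, rule["src"]))
    return findings

# Constructed sample rule set (hypothetical format: source CIDR, port range, action).
SAMPLE_RULES = [
    {"src": "10.20.0.0/24",   "ports": (8443, 8443), "action": "allow"},  # management
    {"src": "203.0.113.0/24", "ports": (8443, 8443), "action": "deny"},
    {"src": "203.0.113.7/32", "ports": (8000, 9000), "action": "allow"},  # shadowed
    {"src": "0.0.0.0/0",      "ports": (443, 443),   "action": "allow"},  # other port
    {"src": "0.0.0.0/0",      "ports": (8000, 9000), "action": "allow"},  # exposes 8443
]

if __name__ == "__main__":
    for idx, src in audit(SAMPLE_RULES):
        print(f"rule {idx}: {src} can reach port {ADMIN_PORT} "
              "from outside the management networks")
```

A broad port range such as 8000-9000 is flagged because it silently includes the administrator port, which is the kind of rule that is easy to miss in a manual review.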
At least one media report described attackers as already exploiting CVE-2023-38035 at the time Ivanti disclosed the flaw, which by definition would make it a zero-day bug. 
Ivanti itself did not directly respond to a Dark Reading request for confirmation of that characterization. Neither did it respond to a question seeking information on how many customers the attacker might have compromised so far. Instead, the company pointed to a blog post and an advisory that it published today on the vulnerability. Neither made any mention of active exploit activity targeting the flaw.
In a brief, two-sentence statement, Ivanti said it was aware of only a very limited number of customers being impacted by the vulnerability.
Ivanti Sentry, formerly MobileIron Sentry, is part of Ivanti's broader portfolio of Unified Endpoint Management products. It's a gateway technology that allows organizations to manage, encrypt, and protect traffic between mobile devices and backend systems. Ivanti itself describes Sentry as serving as a sort of gatekeeper to an organization's Microsoft Exchange Server or other ActiveSync server or with backend systems such as SharePoint server. Sentry can also be used as a Kerberos Key Distribution Center Proxy (KKDCP) server.
Many companies have deployed such technologies in recent years to ensure remote workers can securely access enterprise applications and devices using personally owned and corporate-issued mobile devices. Their growing use has attracted increasing attention from security researchers and attackers. Just last month, for instance, attackers broke into systems belonging to 12 Norwegian government agencies after finding and exploiting a remote API access vulnerability in the Ivanti Endpoint Manager. The bug, tracked as CVE-2023-35078, allowed attackers to access and steal data, change device configuration information, and add an admin account. Earlier this month, Ivanti disclosed another bug (CVE-2023-32560), this time in its Avalanche mobile management technology after Trend Micro's Zero-Day Initiative reported the bug to the company.
Ivanti credited researchers at security vendor mnemonic for reporting the newest bug to the company. The company claimed it acted immediately to address the problem and to have RedHat Package Manager (RPM) scripts available for all supported versions as soon as possible. The RPM scripts are customized for each version and organizations need to pay attention to which one they install in their environment, Ivanti warned. If the wrong RPM script is applied it may prevent the vulnerability from being remediated or cause system instability, the company noted.
