Ivanti has patched a vulnerability in its software for the third time within a month. This time it involves an authentication bypass in Ivanti Sentry, formerly known as MobileIron Sentry.
Ivanti Sentry is a gateway that manages and encrypts traffic between companies’ mobile devices and underlying systems. The vulnerability known as CVE-2023-38035 is reportedly already being exploited on a limited scale and has a high priority score.
Affected Ivanti Sentry versions are v9.18 and earlier. Other Ivanti solutions are not vulnerable.
Bypassing authentication
The vulnerability bypasses authentication and lets hackers take over the gateway. First, however, they must gain access to administrative API port 8443 or a vulnerable Ivanti Sentry installation.
Through the API port, the hackers bypass authentication for the administrative interface through a not sufficiently restrictive Apache HTTPd configuration. This gives them access to several sensitive admin APIs for configuring Ivanti Sentry through the aforementioned port 8843.
The hackers can then change the configuration, execute system commands or write files to the affected system. The good news is that users who do not expose port 8843 to the Internet are at little risk.
Patch via RPM scripts
The device management specialist immediately released a patch in the form of RPM scripts for the affected versions, Each version of Ivanti Sentry received its own RPM script. Users should take care to use the right script for the right version. Otherwise, the fix will not work or the Sentry version will become unstable.
Third time in a month
The new vulnerability is the third discovered by Ivanti within a month. In late July, the remote authentication bypass vulnerability CVE-2023-35078 was discovered. This vulnerability in Ivanti Endpoint Manager Mobile (EPMM) affected 12 Norwegian ministries before it was patched.
A few days later, the same EPMM vulnerability surfaced, CVE-2023-35081. This vulnerability was patched almost immediately by the device management specialist.
Also read: Hackers have been exploiting zero-day in Ivanti software since April
2 days ago
