Headline
Ivanti Sentry critical vulnerability—don't play dice, patch
Categories: Exploits and vulnerabilities Categories: News Tags: Ivanti
Tags: Sentry
Tags: MobileIron
Tags: CVE-2023-38035
Tags: MICS
Tags: port 8443
There is some uncertainty about whether a vulnerability in Ivanti Sentry is being exploited in the wild, but why take the risk when you can patch?
(Read more…)
The post Ivanti Sentry critical vulnerability—don’t play dice, patch appeared first on Malwarebytes Labs.
Ivanti has published a security blog post about a vulnerability in Ivanti Sentry, formerly MobileIron Sentry. Successful exploitation of the vulnerability would enable an unauthenticated attacker to access some sensitive APIs that are used to configure Ivanti Sentry on the administrator portal (commonly, MICS).
Ivanti Sentry is a gateway technology that allows organizations to manage, encrypt, and protect traffic between mobile devices and backend systems. The technology helps organizations to securely access enterprise applications and devices using personally owned and corporate-issued mobile devices.
This vulnerability impacts all supported versions (Versions 9.18. 9.17 and 9.16). Older versions are also at risk. This vulnerability does not affect other Ivanti products or solutions, such as Ivanti EPMM, MobileIron Cloud or Ivanti Neurons for MDM.
Ivanti has made RPM scripts available now for all supported versions. It recommends customers first upgrade to a supported version and then apply the RPM script specifically designed for their version. More detailed information is available in this Security Advisory. Each script is customized for a single version and if the wrong RPM script is applied it may prevent the vulnerability from being remediated or cause system instability.
The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVE patched in this update is CVE-2023-38035, which has a CVSS score of 9.8 out of 10. It’s described as a security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
A remote, unauthenticated attacker could exploit this vulnerability to change configuration files, run system commands, or write files to the system.
Reportedly, Ivanti customers have seen exploitation of CVE-2023-38035 in Sentry when port 8443 is exposed to the Internet. Port 8443 is commonly used for HTTPS (encrypted) web traffic. Users that are not ready to update to a supported version or don’t have the opportunity to run the script, are advised to close port 8443.
Ivanti recommends that customers restrict access to MICS to internal management networks and not expose this to the internet, which would then require any attacker to gain internal access first.
While we are not completely sure if this vulnerability is used in the wild, two previous vulnerabilities in Ivanti Endpoint Manager Mobile Authentication (EPMM) listed as CVE-2023-35078 and CVE-2023-35081were both subject to active exploitation.
We don’t just report on vulnerabilities—we identify them, and prioritize action.
Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using Malwarebytes Vulnerability and Patch Management.
Related news
Cybersecurity researchers have shed light on a new version of a ransomware strain called HardBit that comes packaged with new obfuscation techniques to deter analysis efforts. "Unlike previous versions, HardBit Ransomware group enhanced the version 4.0 with passphrase protection," Cybereason researchers Kotaro Ogino and Koshi Oyama said in an analysis. "The passphrase needs to be provided during
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core to its Known Exploited Vulnerabilities (KEV) catalog, stating it's being actively exploited in the wild. The vulnerability in question is CVE-2023-35082 (CVSS score: 9.8), an authentication bypass
Ivanti has released security updates to address a critical flaw impacting its Endpoint Manager (EPM) solution that, if successfully exploited, could result in remote code execution (RCE) on susceptible servers. Tracked as CVE-2023-39336, the vulnerability has been rated 9.6 out of 10 on the CVSS scoring system. The shortcoming impacts EPM 2021 and EPM 2022 prior to SU5. “If exploited, an
This Metasploit module exploits an authentication bypass in Ivanti Sentry which exposes API functionality which allows for code execution in the context of the root user.
Software services provider Ivanti is warning of a new critical zero-day flaw impacting Ivanti Sentry (formerly MobileIron Sentry) that it said is being actively exploited in the wild, marking an escalation of its security woes. Tracked as CVE-2023-38035 (CVSS score: 9.8), the issue has been described as a case of authentication bypass impacting versions 9.18 and prior due to what it called an
Software services provider Ivanti is warning of a new critical zero-day flaw impacting Ivanti Sentry (formerly MobileIron Sentry) that it said is being actively exploited in the wild, marking an escalation of its security woes. Tracked as CVE-2023-38035 (CVSS score: 9.8), the issue has been described as a case of authentication bypass impacting versions 9.18 and prior due to what it called an
Software services provider Ivanti is warning of a new critical zero-day flaw impacting Ivanti Sentry (formerly MobileIron Sentry) that it said is being actively exploited in the wild, marking an escalation of its security woes. Tracked as CVE-2023-38035 (CVSS score: 9.8), the issue has been described as a case of authentication bypass impacting versions 9.18 and prior due to what it called an
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
Categories: Exploits and vulnerabilities Categories: News Microsoft has announced patches for 87 vulnerabilities this month, including two that are being actively exploited. (Read more...) The post August Patch Tuesday stops actively exploited attack chain and more appeared first on Malwarebytes Labs.
A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.
Cybersecurity researchers have discovered a bypass for a recently fixed actively exploited vulnerability in some versions of Ivanti Endpoint Manager Mobile (EPMM), prompting Ivanti to urge users to update to the latest version of the software. Tracked as CVE-2023-35082 (CVSS score: 10.0) and discovered by Rapid7, the issue "allows unauthenticated attackers to access the API in older unsupported
Cybersecurity researchers have discovered a bypass for a recently fixed actively exploited vulnerability in some versions of Ivanti Endpoint Manager Mobile (EPMM), prompting Ivanti to urge users to update to the latest version of the software. Tracked as CVE-2023-35082 (CVSS score: 10.0) and discovered by Rapid7, the issue "allows unauthenticated attackers to access the API in older unsupported
Categories: Exploits and vulnerabilities Categories: News Tags: Ivanti Tags: EPMM Tags: MobileIron Tags: CVE-2023-35081 Tags: CVE-2023-35078 Tags: tomcat Tags: arbitrary file write Tags: ACL Tags: upgrade Ivanti has issued a patch to address a second critical zero-day vulnerability (Read more...) The post Ivanti patches second zero-day vulnerability being used in attacks appeared first on Malwarebytes Labs.
Categories: Exploits and vulnerabilities Categories: News Tags: Ivanti Tags: EPMM Tags: MobileIron Tags: CVE-2023-35081 Tags: CVE-2023-35078 Tags: tomcat Tags: arbitrary file write Tags: ACL Tags: upgrade Ivanti has issued a patch to address a second critical zero-day vulnerability (Read more...) The post Ivanti patches second zero-day vulnerability being used in attacks appeared first on Malwarebytes Labs.
Advanced persistent threat (APT) actors exploited a recently disclosed critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) as a zero-day since at least April 2023 in attacks directed against Norwegian entities, including a government network. The disclosure comes as part of a new joint advisory released by the Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian
Advanced persistent threat (APT) actors exploited a recently disclosed critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) as a zero-day since at least April 2023 in attacks directed against Norwegian entities, including a government network. The disclosure comes as part of a new joint advisory released by the Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian
Ivanti has disclosed yet another security flaw impacting Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core, that it said has been weaponized as part of an exploit chain by malicious actors in the wild. The new vulnerability, tracked as CVE-2023-35081 (CVSS score: 7.8), impacts supported versions 11.10, 11.9, and 11.8, as well as those that are currently end-of-life (EoL). "
Ivanti has disclosed yet another security flaw impacting Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core, that it said has been weaponized as part of an exploit chain by malicious actors in the wild. The new vulnerability, tracked as CVE-2023-35081 (CVSS score: 7.8), impacts supported versions 11.10, 11.9, and 11.8, as well as those that are currently end-of-life (EoL). "
Categories: Exploits and vulnerabilities Categories: News Tags: Norwegian ministries Tags: ivanti Tags: EPMM Tags: MobileIron Tags: CVE-2023-35078 Tags: patch A patch is now available for an Ivanti EPMM vulnerability that was used in a cyberattack on the ICT platform which is relied upon by a dozen Norwegian ministries. (Read more...) The post Patch now! Ivanti Endpoint Manager Mobile Authentication vulnerability used in the wild appeared first on Malwarebytes Labs.
Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.
Ivanti is warning users to update their Endpoint Manager Mobile (EPMM) mobile device management software (formerly MobileIron Core) to the latest version that fixes an actively exploited zero-day vulnerability. Dubbed CVE-2023-35078, the issue has been described as a remote unauthenticated API access vulnerability that impacts currently supported version 11.4 releases 11.10, 11.9, and 11.8 as