Ivanti Urgently Repairs API Authentication Bypass 0day Vulnerability


Compiled by: Code Guard

Organizations using virtually any version of the Ivanti Sentry security gateway product should immediately apply Ivanti's emergency zero-day patch released today.


The vulnerability, tracked as CVE-2023-38035, resides in the interface administrators use to configure security policies and allows attackers to bypass authentication controls. It affects all supported Sentry versions (9.18, 9.17, and 9.16). Older, unsupported versions and releases of Sentry are also vulnerable to exploitation.


Unauthenticated access


"If exploited, this vulnerability could allow an unauthenticated attacker to access certain sensitive APIs used to configure Ivanti Sentry on the admin portal (port 8443)," Ivanti said in a statement.

An attacker who successfully exploited this vulnerability could change the gateway configuration, execute system commands, and write arbitrary files on the system. To mitigate risk, organizations should restrict access to the administrator port to the internal management network rather than the Internet.

The vulnerability has a CVSS score of 9.8, which places it in the "critical" severity range. However, Ivanti notes that organizations that do not expose port 8443 are almost unaffected. At least one media outlet reported that attackers were already exploiting CVE-2023-38035 at the time Ivanti disclosed it, making it a zero-day by definition.

Ivanti declined to comment for this story and did not say whether the exploit existed. The company mentioned only that it had found a "small number of customers" affected by the bug.
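The mitigation above (keep the admin portal on port 8443 reachable only from the internal management network) can be audited from connection logs. The following is an added example, not code from Ivanti or the original article; the log format, the management and internal network ranges, and the gateway address are all constructed assumptions.

```python
import ipaddress

ADMIN_PORT = 8443  # Sentry admin portal port named in Ivanti's statement

# Assumptions for this example: adjust to the real environment.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]      # management network
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]    # all internal space
SENTRY_HOSTS = {ipaddress.ip_address("10.1.5.10")}      # gateway address

# Constructed log lines: "<timestamp> <action> <src_ip> <dst_ip> <dst_port>"
SAMPLE_LOG = """\
2023-08-21T09:14:02Z ALLOW 10.20.0.15 10.1.5.10 8443
2023-08-21T09:15:40Z ALLOW 203.0.113.77 10.1.5.10 8443
2023-08-21T09:15:41Z DENY 198.51.100.9 10.1.5.10 8443
2023-08-21T09:16:03Z ALLOW 203.0.113.77 10.1.5.10 443
2023-08-21T09:17:55Z ALLOW 10.30.4.8 10.1.5.10 8443
malformed line
"""

def parse_line(line):
    """Return (ts, action, src, dst, port), or None if the line does not parse."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, action, src, dst, port = parts
    try:
        return (ts, action.upper(), ipaddress.ip_address(src),
                ipaddress.ip_address(dst), int(port))
    except ValueError:
        return None

def admin_port_exposures(log_text, hosts=SENTRY_HOSTS, mgmt_nets=MGMT_NETS):
    """Allowed connections to the admin port from outside the management network."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, action, src, dst, port = rec
        if dst not in hosts or port != ADMIN_PORT or action != "ALLOW":
            continue
        if not any(src in net for net in mgmt_nets):
            internal = any(src in net for net in INTERNAL_NETS)
            scope = "internal, non-management" if internal else "external"
            findings.append((ts, str(src), scope))
    return findings

if __name__ == "__main__":
    for ts, src, scope in admin_port_exposures(SAMPLE_LOG):
        print(f"{ts} admin port {ADMIN_PORT} reached from {src} ({scope})")
```

Any finding means the access restriction is not in effect for that source; an "external" finding on an unpatched gateway warrants a closer look at the host.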


Favored target


Ivanti Sentry, formerly known as MobileIron Sentry, is one of Ivanti's unified endpoint management products. It is a gateway technology that enables organizations to manage, encrypt and secure traffic between mobile devices and back-end systems. Ivanti likens Sentry to a gatekeeper for an organization's Microsoft Exchange Server or other ActiveSync servers, or for back-end systems such as SharePoint servers. Sentry can also be used as a Kerberos Key Distribution Center Proxy (KKDCP) server.

Many companies have deployed this type of technology in recent years to ensure that remote employees can securely access corporate applications and devices through personally owned and company-issued mobile devices. The growing use of these technologies has attracted more and more attention from security researchers and attackers. For example, just last month, attackers found and exploited a remote API access vulnerability in Ivanti Endpoint Manager that compromised the systems of 12 Norwegian government agencies. The vulnerability, numbered CVE-2023-35078, could allow attackers to access and steal data, change device configuration information, and add administrator accounts. Earlier this month, Ivanti disclosed another vulnerability (CVE-2023-32560) in its Avalanche mobility management technology after receiving a report from ZDI.

Ivanti thanked researchers at security vendor Mnemonic for reporting the latest vulnerability. Ivanti said it took immediate steps to fix the vulnerability and to make Red Hat Package Manager (RPM) scripts available for all supported versions as soon as possible. These RPM scripts are customized for each release, and organizations should make sure they know which script applies to the version in their environment. "If the wrong RPM script is applied, it can prevent bug fixes or cause system instability," the company said.


Original link

https://www.darkreading.com/attacks-breaches/ivanti-issues-fix-for-critical-vuln-in-its-sentry-gateway-technology
