Compile: Code Guard
Organizations using virtually any version of the Ivanti Sentry security gateway product should immediately apply Ivanti's emergency zero-day patch released today.
The vulnerability, tracked as CVE-2023-38035, resides in the interface administrators use to configure security policies and allows attackers to bypass authentication controls. It affects all supported Sentry versions (9.18, 9.17, and 9.16); older, unsupported versions and releases of Sentry are also vulnerable to exploitation.
Unauthenticated access
"If exploited, this vulnerability could allow an unauthenticated attacker to access certain sensitive APIs used to configure Ivanti Sentry on the admin portal (port 8443)," Ivanti said in a statement.
An attacker who successfully exploits this vulnerability could change the gateway configuration, execute system commands, and write arbitrary files on the system. To mitigate the risk, organizations should restrict access to the administrator port (8443) to the internal management network rather than exposing it to the Internet.
The vulnerability carries a CVSS score of 9.8, placing it at the "critical" severity level. However, Ivanti notes that organizations that do not expose port 8443 to the Internet are largely unaffected. At least one media outlet reported that attackers were already exploiting CVE-2023-38035 at the time Ivanti disclosed it, making it a zero-day by definition.
Ivanti declined to comment for this story and did not say whether an exploit existed. The company said only that it had found a "small number of customers" affected by the bug.
Favored target
Ivanti Sentry, formerly known as MobileIron Sentry, is one of Ivanti's unified endpoint management products. It is a gateway technology that enables organizations to manage, encrypt, and secure traffic between mobile devices and back-end systems. Ivanti likens Sentry to a gatekeeper for an organization's Microsoft Exchange Server, other ActiveSync servers, or back-end systems such as SharePoint servers. Sentry can also be used as a Kerberos Key Distribution Center Proxy (KKDCP) server.
Many companies have deployed this type of technology in recent years to ensure that remote employees can securely access corporate applications and devices from personally owned and company-issued mobile devices. The growing use of these technologies has attracted increasing attention from both security researchers and attackers. For example, just last month, attackers found and exploited a remote API access vulnerability in Ivanti Endpoint Manager that compromised the systems of 12 Norwegian government agencies. That vulnerability, CVE-2023-35078, could allow attackers to access and steal data, change device configuration information, and add administrator accounts. Earlier this month, Ivanti disclosed another vulnerability (CVE-2023-32560) in its Avalanche mobility management technology after receiving a report from ZDI.
Ivanti credited researchers at security vendor Mnemonic with reporting the latest vulnerability. Ivanti said it took immediate steps to fix the vulnerability and to release RedHat Package Manager (RPM) scripts for all supported versions as quickly as possible. These RPM scripts are customized for each release, and organizations must apply the one that matches the version running in their environment. "If the wrong RPM script is applied, it can prevent bug fixes or cause system instability," the company said.
Original link
https://www.darkreading.com/attacks-breaches/ivanti-issues-fix-for-critical-vuln-in-its-sentry-gateway-technology
Title image: Pexels License