Monday, June 17, 2024

Ivanti Sentry Flaw: Let Attackers Access Critical APIs Used for Configuration

An unauthenticated critical API access vulnerability was found in the Ivanti Sentry interface, which could allow a threat actor to gain access to sensitive APIs that can be used to access the Ivanti administrator portal and configure Ivanti Sentry.

This vulnerability can also be used to execute OS commands on the 

If an attacker succeeds in exploitation, the attacker will be able to configure Ivnati Sentry, execute system commands, or write files onto the system.

However, since this administrator portal uses port 8443, users who do not have their Ivanti administrator portal exposed over the internet have a low ratio of exploitation.

CVE-2023-38035: API Authentication Bypass

This vulnerability exists due to insufficient restrictive Apache HTTPD configuration that allows a threat actor to bypass authentication controls on the administrator portal of Ivanti.

The CVSS score for this vulnerability is yet to be confirmed. Nonetheless, Ivanti Sentry has provided a CVSS score of 9.8 (Critical). 

“Exploitation is only possible through the System Manager Portal, hosted on port 8443 by default.” reads the Knowledge Base (KB) article of Ivanti. 

Ivanti Sentry, which was formerly known as MobileIron Sentry, is a Unified Endpoint Management product that can be used by organizations to encrypt, manage, decrypt, and protect mobile devices and backend systems traffic.

Ivanti confirmed in their security advisory that this vulnerability does not affect other Ivanti products like Ivanti EPMM or Ivanti Neurons for MDM. Ivanti Sentry products with versions 9.18, 9.17, 9.16, and older versions are affected by this vulnerability. 

For fixing this vulnerability, Ivanti has provided a resolution involving steps to remediate this vulnerability. Ivanti also recommended users restrict external access to the administrator portal at 8443, which can only be accessed by IT administrators or an internal management network.

Keep informed about the latest Cyber Security News by following us on GoogleNewsLinkedinTwitter, and Facebook.

Website

Latest articles

Sleepy Pickle Exploit Let Attackers Exploit ML Models And Attack End-Users

Hackers are targeting, attacking, and exploiting ML models. They want to hack into these...

SolarWinds Serv-U Vulnerability Let Attackers Access sensitive files

SolarWinds released a security advisory for addressing a Directory Traversal vulnerability which allows a...

Smishing Triad Hackers Attacking Online Banking, E-Commerce AND Payment Systems Customers

Hackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes.Resecurity...

Threat Actor Claiming Leak Of 5 Million Ecuador’s Citizen Database

A threat actor has claimed responsibility for leaking the personal data of 5 million...

Ascension Hack Caused By an Employee Who Downloaded a Malicious File

Ascension, a leading healthcare provider, has made significant strides in its investigation and recovery...

AWS Announced Malware Detection Tool For S3 Buckets

Amazon Web Services (AWS) has announced the general availability of Amazon GuardDuty Malware Protection...

Hackers Exploiting MS Office Editor Vulnerability to Deploy Keylogger

Researchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group.The...
Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles