Tuesday, November 12, 2024
HomeCyber Security NewsIvanti Sentry Flaw: Let Attackers Access Critical APIs Used for Configuration

Ivanti Sentry Flaw: Let Attackers Access Critical APIs Used for Configuration

Published on

Malware protection

An unauthenticated critical API access vulnerability was found in the Ivanti Sentry interface, which could allow a threat actor to gain access to sensitive APIs that can be used to access the Ivanti administrator portal and configure Ivanti Sentry.

This vulnerability can also be used to execute OS commands on the 

If an attacker succeeds in exploitation, the attacker will be able to configure Ivnati Sentry, execute system commands, or write files onto the system.

- Advertisement - SIEM as a Service

However, since this administrator portal uses port 8443, users who do not have their Ivanti administrator portal exposed over the internet have a low ratio of exploitation.

CVE-2023-38035: API Authentication Bypass

This vulnerability exists due to insufficient restrictive Apache HTTPD configuration that allows a threat actor to bypass authentication controls on the administrator portal of Ivanti.

The CVSS score for this vulnerability is yet to be confirmed. Nonetheless, Ivanti Sentry has provided a CVSS score of 9.8 (Critical). 

“Exploitation is only possible through the System Manager Portal, hosted on port 8443 by default.” reads the Knowledge Base (KB) article of Ivanti. 

Ivanti Sentry, which was formerly known as MobileIron Sentry, is a Unified Endpoint Management product that can be used by organizations to encrypt, manage, decrypt, and protect mobile devices and backend systems traffic.

Ivanti confirmed in their security advisory that this vulnerability does not affect other Ivanti products like Ivanti EPMM or Ivanti Neurons for MDM. Ivanti Sentry products with versions 9.18, 9.17, 9.16, and older versions are affected by this vulnerability. 

For fixing this vulnerability, Ivanti has provided a resolution involving steps to remediate this vulnerability. Ivanti also recommended users restrict external access to the administrator portal at 8443, which can only be accessed by IT administrators or an internal management network.

Keep informed about the latest Cyber Security News by following us on GoogleNewsLinkedinTwitter, and Facebook.

Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

10 Best DNS Management Tools – 2025

Best DNS Management Tools play a crucial role in efficiently managing domain names and...

Sweet Security Announces Availability of its Cloud Native Detection & Response Platform on the AWS Marketplace

Customers can now easily integrate Sweet’s runtime detection and response platform into their AWS...

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling...

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling...

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...

Tor Network Suffers IP Spoofing Attack Via Non-Exit Relays

In late October 2024, a coordinated IP spoofing attack targeted the Tor network, prompting...