Ivanti has disclosed details of a critical remote code execution flaw impacting Standalone Sentry, urging customers to apply the fixes immediately to stay protected against potential cyber threats.
Tracked as CVE-2023-41724, the vulnerability carries a CVSS rating of 9.6.
“An unauthenticated threat actor can execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network,” the company said.
The flaw impacts all supported versions 9.17, 9.18, and 9.19, as well as older versions. The company said it has made available a patch (versions 9.17.1, 9.18.1, and 9.19.1) that can be downloaded via the standard download portal.
It credited Vincent Hutsebaut, Pierre Vivegnis, Jerome Nokin, Roberto Suggi Liverani and Antonin B. of the NATO Cyber Security Centre for “their collaboration on this issue.”
Ivanti emphasized that it is not aware of any customers impacted by CVE-2023-41724, and added that “threat actors without a valid TLS client certificate enrolled through EPMM cannot directly exploit this issue on the internet.”
Recently disclosed security flaws in Ivanti software have been subject to exploitation by at least three distinct suspected China-linked cyber espionage clusters tracked as UNC5221, UNC5325, and UNC3886, according to Mandiant.
The development comes as SonarSource uncovered a mutation cross-site scripting (mXSS) flaw impacting an open-source email client called Mailspring aka Nylas Mail (CVE-2023-47479) that could be exploited to bypass sandbox and Content Security Policy (CSP) protections and achieve code execution when a user replies to or forwards a malicious email.
“mXSS takes advantage of that by providing a payload that seems innocent initially when parsing (during the sanitization process) but mutates it to a malicious one when re-parsing it (in the final stage of displaying the content),” security researcher Yaniv Nizry said.
Some parts of this article are sourced from:
thehackernews.com