Software services provider Ivanti is warning of a new critical zero-day flaw impacting Ivanti Sentry (previously MobileIron Sentry) that it said is being actively exploited in the wild, marking an escalation of its security woes.
Tracked as CVE-2023-38035 (CVSS score: 9.8), the issue has been described as a case of authentication bypass impacting versions 9.18 and prior, owing to what the company called an insufficiently restrictive Apache HTTPD configuration.
“If exploited, this vulnerability allows an unauthenticated actor to access some sensitive APIs that are utilized to configure the Ivanti Sentry on the administrator portal (port 8443, normally MICS),” the firm said.
“Although the issue has a high CVSS score, there is a very low risk of exploitation for customers who do not expose port 8443 to the internet.”
Successful exploitation of the bug could allow an attacker to change configuration, run system commands, or write files onto the system. It’s advised that customers restrict access to MICS to internal management networks.
Although exact details surrounding the nature of exploitation are currently unknown, the company said it is “only aware of a limited number of customers” who have been affected.
Norwegian cybersecurity company mnemonic has been credited with discovering and reporting the flaw.
“Successful exploitation will allow an unauthenticated threat actor to read and write files to the Ivanti Sentry server and execute OS commands as system administrator (root) through use of ‘super user do’ (sudo),” it explained.
What’s more, CVE-2023-38035 could be weaponized after exploiting CVE-2023-35078 and CVE-2023-35081, two other recently disclosed flaws in Ivanti Endpoint Manager Mobile (EPMM), in situations in which port 8443 is not publicly accessible, as the admin portal is used to communicate with the Ivanti EPMM server.
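To check the advice to keep MICS on internal management networks, and the EPMM path noted above, the following added example (not from Ivanti or the original article) audits firewall allow-rules for who can reach port 8443. The management range, the EPMM address, the rule names and the rule format are constructed assumptions.

```python
import ipaddress

MICS_PORT = 8443  # admin portal port named in the advisory

# Assumed values for illustration; substitute your own ranges and hosts.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]
EPMM_HOSTS = [ipaddress.ip_network("10.30.5.10/32")]
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample allow-rules: (name, source CIDR, port low, port high)
SAMPLE_RULES = [
    ("any-to-sentry-admin", "0.0.0.0/0", 8443, 8443),
    ("mgmt-to-sentry-admin", "10.20.0.0/25", 8443, 8443),
    ("corp-lan-high-ports", "10.0.0.0/8", 8000, 9000),
    ("epmm-to-sentry", "10.30.5.10/32", 8443, 8443),
    ("partner-https", "203.0.113.0/24", 443, 443),
]

def within(src, nets):
    """True if src is entirely contained in one of nets."""
    return any(src.version == n.version and src.subnet_of(n) for n in nets)

def classify(source_cidr, lo, hi, port=MICS_PORT):
    """Classify one allow-rule by how it exposes the admin portal."""
    if not lo <= port <= hi:
        return "not-applicable"       # rule does not cover 8443 at all
    src = ipaddress.ip_network(source_cidr, strict=False)
    if within(src, MGMT_NETS):
        return "ok"                   # source confined to management range
    if within(src, EPMM_HOSTS):
        return "epmm-path"            # needed, but a pivot route if EPMM falls
    if within(src, INTERNAL_NETS):
        return "outside-management"   # internal, yet wider than intended
    return "internet-exposed"         # reachable from non-internal sources

def audit(rules):
    """Return (name, verdict) for every rule that needs attention."""
    findings = []
    for name, cidr, lo, hi in rules:
        verdict = classify(cidr, lo, hi)
        if verdict not in ("ok", "not-applicable"):
            findings.append((name, verdict))
    return findings

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_RULES):
        print(f"{name}: {verdict}")
```

Rules reported as epmm-path are expected in a working deployment; they mark the hosts whose own patch level for CVE-2023-35078 and CVE-2023-35081 determines whether the Sentry admin portal stays out of reach.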
The development comes a week after Ivanti fixed two critical stack-based buffer overflow flaws (CVE-2023-32560) in its Avalanche software that could lead to crashes and arbitrary code execution on vulnerable installations.
Some parts of this article are sourced from:
thehackernews.com