ACSC publishes critical alert on Ivanti Sentry vulnerability
The Australian Cyber Security Centre (ACSC) rated a vulnerability in the Ivanti Sentry MICS management portal as critical and said the company is aware that threat actors are already exploiting the flaw.
The vulnerability (CVE-2023-38035) can allow a hacker to access the administration portal and make changes to its configuration, as well as create files and execute commands.
So far, the ACSC has not observed exploitation of any of Ivanti’s Australian clients, although Ivanti has observed the flaw being used in the wild.
According to the ACSC, any Australian organization running Ivanti Sentry version 9.18.0, or any earlier version, should update the software to the latest versions as soon as possible.
In the words of the Ivanti product page itself, Ivanti Sentry is “an online gateway that manages, encrypts and secures traffic between the mobile device and back-end business systems.”
Ivanti has said that while its Sentry product is affected, its other products are not.
“For now, we are only aware of a limited number of customers affected by CVE-2023-38035,” Ivanti said in an advisory.
“Upon learning of the vulnerability, we immediately mobilized resources to address the issue and now have RPM scripts available for supported versions. Each script is customized for a single version.”
Ivanti has had a number of recently disclosed vulnerabilities, including one, CVE-2023-35081, in Ivanti Endpoint Manager Mobile. Instructions on how to exploit the vulnerability were sold on a popular leak forum as early as August 5.