Ivanti has disclosed yet another security flaw, a zero-day vulnerability in its Ivanti Sentry gateway which is being actively exploited in the wild.
Ivanti Sentry serves as a gatekeeper between mobile devices and a company’s ActiveSync server, such as a Microsoft Exchange Server.
In an advisory, Ivanti said that it was aware of only “a limited number of customers” being impacted by the flaw, which has a critical CVSS rating of 9.8 and is being tracked as CVE-2023-38035. There was a low risk of exploitation for customers who do not expose port 8443 to the internet.
If exploited, this vulnerability enables an unauthenticated actor to access some sensitive APIs that are used to configure the Ivanti Sentry on the administrator portal, commonly known as MobileIron Configuration Service (MICS).
Successful exploitation can be used to change configuration, run system commands, or write files onto the system. Ivanti recommends that customers restrict access to MICS to internal management networks and not expose this to the internet.
Ivanti said the newly discovered Sentry vulnerability did not affect any of its other products, including Ivanti EPMM.
Ivanti has developed security updates, available as RPM scripts, to address the Sentry vulnerability, which impacts all currently supported versions of the solution (versions 9.18. 9.17 and 9.16).
Ivanti recommend customers first upgrade to a supported version and then apply the RPM script specifically designed for their version.