Ivanti has disclosed a critical remote code execution vulnerability in its Standalone Sentry software and is strongly urging customers to apply patches immediately to prevent potential exploitation. The flaw, tracked as CVE-2023-41724, carries a severity rating of 9.6 out of 10 on the CVSS scale.
Standalone Sentry, formerly known as MobileIron Sentry, is an appliance that acts as a gateway between devices and an organization's backend enterprise systems like Microsoft Exchange Server or SharePoint. If successfully exploited, the newly disclosed vulnerability could enable an unauthenticated attacker on the same network as the vulnerable system to execute arbitrary commands on the underlying operating system.
"There is a patch available now via the standard download portal," Ivanti stated in an advisory released this week. "We strongly encourage customers to act immediately to ensure they are fully protected."
The flaw impacts versions 9.17.0, 9.18.0, and 9.19.0 of Standalone Sentry, as well as older unsupported releases. Ivanti has emphasized that, at the time of disclosure, it is not aware of any active exploitation attempts targeting this vulnerability in the wild. However, the severity of the issue and Ivanti's forceful guidance underscore the importance of promptly applying patches.
While the full technical details remain undisclosed, Ivanti noted that internet-based attackers without a valid TLS client certificate cannot directly exploit this flaw remotely. Still, the risk for networks hosting vulnerable Standalone Sentry appliances appears significant.
The CVE-2023-41724 vulnerability was reported to Ivanti through its responsible disclosure program by researchers Vincent Hutsebaut, Pierre Vivegnis, Jerome Nokin, Roberto Suggi Liverani and Antonin B. of the NATO Cyber Security Centre. This center serves as NATO's frontline cyber defense, handling security, incident response and information assurance.
Ivanti says it identified the flaw internally late last year and developed a fix, adhering to its policy of disclosing vulnerabilities publicly once patches are available for non-actively exploited issues. Patches are available in versions 9.17.1, 9.18.1 and 9.19.1 for supported releases, while users of older unsupported versions must upgrade before applying the fixes.
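For teams assessing exposure, the sketch below triages an appliance inventory against the affected and fixed versions listed above. It is an added example, not code from Ivanti or from the original article; the CSV layout, host names and status labels are assumptions, and versions newer than the 9.19 branch are flagged as "not-listed" because the article does not cover them.

```python
import csv
import io

# Fixed builds per supported branch, as listed in the article.
FIXED = {(9, 17): (9, 17, 1), (9, 18): (9, 18, 1), (9, 19): (9, 19, 1)}
OLDEST_SUPPORTED = min(FIXED)  # (9, 17)

def parse_version(text):
    """Return (major, minor, patch), or None if the string is not X.Y.Z."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(version_text):
    """Map a reported Sentry version to a triage status for CVE-2023-41724."""
    v = parse_version(version_text)
    if v is None:
        return "unparseable"    # confirm the version on the appliance by hand
    branch = v[:2]
    if branch in FIXED:
        # Assumption: later builds in a branch also carry the fix.
        return "patched" if v >= FIXED[branch] else "vulnerable"
    if branch < OLDEST_SUPPORTED:
        return "unsupported"    # upgrade to a supported release, then patch
    return "not-listed"         # newer than the article covers; check the advisory

def triage(inventory_csv):
    """Return (host, version, status) rows, those needing action first."""
    order = {"vulnerable": 0, "unsupported": 1, "unparseable": 2,
             "not-listed": 3, "patched": 4}
    rows = [(r["host"], r["version"], classify(r["version"]))
            for r in csv.DictReader(io.StringIO(inventory_csv))]
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))

# Constructed inventory: hypothetical host names and export format.
SAMPLE = """host,version
sentry-dmz-01,9.17.0
sentry-dmz-02,9.18.1
sentry-lab-01,9.12.0
sentry-hq-01,9.19.0
sentry-hq-02,9.19.1
sentry-old-01,9.16
sentry-new-01,9.20.0
"""

if __name__ == "__main__":
    for host, version, status in triage(SAMPLE):
        print(f"{status:12} {host:15} {version}")
```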
In addition to the Standalone Sentry flaw, Ivanti simultaneously disclosed another critical vulnerability impacting its Ivanti Neurons for ITSM product, used by helpdesks and technical support teams. This flaw, CVE-2023-46808, could allow authenticated attackers to write files to sensitive directories and execute commands via the web application.
These critical vulnerabilities add to Ivanti's recent security challenges. Just over a month ago, Ivanti was forced to reckon with actively exploited zero-day vulnerabilities in its Connect Secure VPN and Policy Secure appliances targeted by a China-linked threat group.
Ivanti's Sentry product itself was impacted by a similar vulnerability last year that enabled unauthenticated attackers to bypass authentication controls on the administrative interface.
Given the prominent role Ivanti's products play in secure access and device management for enterprises, these repeated vulnerabilities underscore the importance of prompt patching and remediation. Organizations using affected Ivanti solutions should prioritize assessing exposure and deploying the latest security updates to mitigate potential threats.