Ivanti RCE flaw Let Attackers Execute Arbitrary Commands

Ivanti has been discovered with a new vulnerability on Ivanti Standalone Sentry that is associated with Remote code execution.

The CVE for this vulnerability has been assigned with CVE-2023-41724, and the severity was given as 9.6 (Critical).

However, Ivanti has acted swiftly upon this vulnerability and has released a security advisory to address it.

It is worth denoting that the Ivanti Connect Secure vulnerability previously discovered was one of the most exploited vulnerabilities in the wild by threat actors.

Ivanti Standalone Sentry – CVE-2023-41724

According to the reports shared with Cyber Security News, this particular vulnerability could allow an unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the affected device. 

However, as a prerequisite, the device must be within the same physical or logical network.

Additional prerequisite includes a valid TLS client certificate that must be enrolled through EPMM without which threat actors cannot exploit this vulnerability over the internet.

Free Webinar : Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities. :

• The problem of vulnerability fatigue today
• Difference between CVSS-specific vulnerability vs risk-based vulnerability
• Evaluating vulnerabilities based on the business impact/risk
• Automation to reduce alert fatigue and enhance security posture significantly

AcuRisQ, that helps you to quantify risk accurately:

Book Your spot

This vulnerability affects all supported versions of Ivanti Standalone Sentry versions 9.17.0, 9.18.0, and 9.19.0. Versions older than these mentioned Ivanti Standalone Sentry are also at risk, as Ivanti mentioned.

Moreover, Ivanti has credited multiple security researchers like Vincent Hutsebaut, Pierre Vivegnis, Jerome Nokin, Roberto Suggi Liverani and Antonin B. of NATO Cyber Security Centre for their collaboration on this vulnerability.

Like the previous Ivanti Connect Secure, there are no reports of exploitation for this vulnerability.

Ivanti stated that the patch for this vulnerability is currently available on the standard download portal.

In addition, the company has also advised their customers to act immediately upon this issue and patch their products accordingly in order to ensure they are fully protected.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.