Update your enterprise software before hackers get to your data.
Warns Ivanti about a critical vulnerability in its Standalone Sentry product. It allows attackers to execute arbitrary commands remotely. The vulnerability, designated CVE-2023-41724, is rated 9.6 on the CVSS scale and affects all supported product versions, including 9.17.0, 9.18.0 and 9.19.0, as well as older versions.
The company strongly recommends that users immediately install the released patches (versions 9.17.1, 9.18.1 and 9.19.1) available through the standard download portal to protect themselves from possible cyber threats.
The company expressed its gratitude to experts from the NATO Cybersecurity Center for identifying the vulnerability.
According to Ivanti, there is no information about affected customers as a result of the operation of CVE-2023-41724 yet. The company also clarified that attackers without a valid TLS client certificate registered through EPMM cannot directly exploit this vulnerability over the Internet. This reduces potential opportunities for exploitation, although it does not completely eliminate them.
In recent months, Ivanti has almost never left the information radar, as vulnerabilities in its products are constantly used by hackers in all sorts of cyber attacks.
So, on March 11, it became known that thanks to the Ivanti vulnerability, attackers managed to hack the American Cybersecurity and Infrastructure Security Agency (CISA), which was a very ironic development of events, especially against the background of the fact that earlier CISA representatives for several months urged US federal agencies to update vulnerable Ivanti installations to a secure version. A shoemaker without boots, no doubt.
Warns Ivanti about a critical vulnerability in its Standalone Sentry product. It allows attackers to execute arbitrary commands remotely. The vulnerability, designated CVE-2023-41724, is rated 9.6 on the CVSS scale and affects all supported product versions, including 9.17.0, 9.18.0 and 9.19.0, as well as older versions.
The company strongly recommends that users immediately install the released patches (versions 9.17.1, 9.18.1 and 9.19.1) available through the standard download portal to protect themselves from possible cyber threats.
The company expressed its gratitude to experts from the NATO Cybersecurity Center for identifying the vulnerability.
According to Ivanti, there is no information about affected customers as a result of the operation of CVE-2023-41724 yet. The company also clarified that attackers without a valid TLS client certificate registered through EPMM cannot directly exploit this vulnerability over the Internet. This reduces potential opportunities for exploitation, although it does not completely eliminate them.
In recent months, Ivanti has almost never left the information radar, as vulnerabilities in its products are constantly used by hackers in all sorts of cyber attacks.
So, on March 11, it became known that thanks to the Ivanti vulnerability, attackers managed to hack the American Cybersecurity and Infrastructure Security Agency (CISA), which was a very ironic development of events, especially against the background of the fact that earlier CISA representatives for several months urged US federal agencies to update vulnerable Ivanti installations to a secure version. A shoemaker without boots, no doubt.
