Ivanti confirms authentication vulnerability: Corporate client secrets at risk

Incorrect authentication settings expose companies to loss of confidential data.

The American software developer Ivanti has warned customers that a critical authentication bypass vulnerability in the Sentry API is being exploited in the wild (ITW).

Ivanti Sentry (formerly MobileIron Sentry) functions as a gatekeeper for corporate ActiveSync servers (Microsoft Exchange Server) or internal resources (such as SharePoint servers in a MobileIron deployment), and can also serve as a Kerberos Key Distribution Center Proxy (KKDCP) server.

The critical vulnerability CVE-2023-38035 (CVSS 9.8), discovered by information security specialists at Mnemonic, allows an unauthenticated attacker to gain access to sensitive administrative portal configuration APIs via port 8443, which is used by the MobileIron Configuration Service (MICS).

Access to the system becomes possible after a cybercriminal bypasses the authentication controls by taking advantage of an insufficiently restrictive Apache HTTPD configuration. Successful exploitation of the vulnerability allows a hacker to change system settings, execute system commands, or write files to systems running Ivanti Sentry version 9.18 or earlier.

Ivanti recommends that administrators not expose MICS to the Internet and restrict access to internal management networks. According to the company, this bug does not affect other Ivanti products or solutions, such as Ivanti Endpoint Manager Mobile (EPMM), MobileIron Cloud, or Ivanti Neurons for MDM.

Ivanti immediately fixed the issue, and RPM scripts are now available for all supported versions. The company provides detailed instructions on how to apply security updates to vulnerable Sentry systems.

In late July, Ivanti identified the vulnerability CVE-2023-35081 in its EPMM mobile device management software, which was used in attacks on Norwegian government agencies. EPMM is widely used by governments in many countries, including the United States. A search on the Shodan platform revealed dozens of potentially vulnerable government agencies in the United States and Europe.
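
The recommendation above to keep MICS (port 8443) reachable only from internal management networks can be checked after the fact against the portal's web server logs. The following is an added example, not Ivanti's code: it assumes Apache common/combined log format, and the management CIDRs, request paths and log lines are constructed placeholders.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: networks that are allowed to reach the MICS portal on port 8443.
MGMT_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "192.168.50.0/24")]

# Apache common/combined prefix: client ident user [time] "request" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def is_management(ip_text):
    """True if the client address falls inside an allowed management network."""
    ip = ipaddress.ip_address(ip_text)  # raises ValueError on a non-IP field
    return any(ip in net for net in MGMT_NETS)

def external_access(lines):
    """Summarise requests from clients outside MGMT_NETS.

    Returns (report, unparsed): report maps client IP to request count,
    count of 2xx responses and first-seen timestamp; unparsed counts lines
    that could not be interpreted, so that gaps in coverage stay visible.
    """
    report = defaultdict(lambda: {"requests": 0, "succeeded": 0, "first_seen": None})
    unparsed = 0
    for line in lines:
        m = LINE_RE.match(line)
        try:
            if m is None or is_management(m["ip"]):
                unparsed += m is None
                continue
        except ValueError:
            unparsed += 1
            continue
        entry = report[m["ip"]]
        entry["requests"] += 1
        entry["succeeded"] += int(m["status"].startswith("2"))
        entry["first_seen"] = entry["first_seen"] or m["ts"]
    return dict(report), unparsed

# Constructed sample lines (documentation address ranges, placeholder paths).
SAMPLE = [
    '10.20.0.15 - admin [21/Aug/2023:09:01:12 +0000] "GET /placeholder/admin HTTP/1.1" 200 512',
    '203.0.113.44 - - [21/Aug/2023:09:03:40 +0000] "POST /placeholder/api HTTP/1.1" 200 87',
    '203.0.113.44 - - [21/Aug/2023:09:03:41 +0000] "POST /placeholder/api HTTP/1.1" 403 0',
    '198.51.100.7 - - [21/Aug/2023:10:15:02 +0000] "GET / HTTP/1.1" 401 0',
    'garbage line',
]

if __name__ == "__main__":
    print(external_access(SAMPLE))
```

Any entry in the report means the portal was reachable from outside the management networks; entries with a non-zero `succeeded` count are the ones to review first.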
 