Remote Code Execution Vulnerability in Ivanti Sentry Patched (CVE-2023-41724)

Bar Refael

March 21, 2024

Ivanti has urgently addressed a critical remote code execution (RCE) vulnerability in Standalone Sentry, a key component of their network security solutions. Identified as CVE-2023-41724, this flaw poses a significant risk with a CVSS score of 9.6, allowing unauthenticated attackers to execute arbitrary commands on the affected system within the same network.

Vulnerability Details:

CVE-2023-41724 affects all supported versions of Standalone Sentry, specifically versions 9.17.0, 9.18.0, and 9.19.0, along with older releases. Ivanti has quickly responded by issuing patches (versions 9.17.1, 9.18.1, and 9.19.1) available through their standard download portal. The vulnerability enables threat actors on the same physical or logical network to compromise the underlying operating system of the appliance without authentication.

Contribution and Mitigation:

The discovery of this critical flaw is attributed to Vincent Hutsebaut, Pierre Vivegnis, Jerome Nokin, Roberto Suggi Liverani, and Antonin B. from the NATO Cyber Security Centre, highlighting the importance of collaborative cybersecurity efforts. Ivanti has urged all customers to apply the provided fixes immediately to secure their systems against potential cyber threats. The company reassured that there have been no reported customer impacts related to CVE-2023-41724 and noted that exploitation over the internet is mitigated by the requirement of a valid TLS client certificate enrolled through EPMM.

Context and Threat Landscape:

This disclosure comes in the wake of reports by Mandiant, indicating that recently discovered vulnerabilities in Ivanti products have been exploited by suspected China-linked cyber espionage groups identified as UNC5221, UNC5325, and UNC3886. The ongoing targeting of Ivanti’s software underscores the critical nature of the Sentry RCE vulnerability and the necessity for immediate patching.

Additionally, a separate security issue was unveiled by SonarSource, involving a mutation cross-site scripting (mXSS) vulnerability in the Mailspring email client (CVE-2023-47479). This flaw could allow attackers to bypass sandbox and Content Security Policy (CSP) protections, achieving code execution through user interaction with a malicious email.

Conclusion:

The swift identification and patching of CVE-2023-41724 by Ivanti, coupled with the collaborative efforts of cybersecurity researchers, demonstrate the ongoing challenges and importance of vigilance in the cyber threat landscape. Organizations utilizing Ivanti Sentry are strongly encouraged to update their systems as recommended to prevent potential exploitation and safeguard against emerging cyber threats.

Stay Secure. Stay Informed.

OP Innovate Research Team.

Under Cyber Attack?

Fill out the form and we will contact you immediately.

Get OP Innovate CTI Alerts

Leave your email and get critical updates and alerts straight to your inbox