QID 730875

Date Published: 2023-08-22

QID 730875: Ivanti Sentry Authentication Bypass Vulnerability (Zero Day)

Ivanti Sentry is a server in an Ivanti deployment that serves as a gatekeeper between mobile devices and a company's ActiveSync server or a backend resource such as a SharePoint server. It can also be configured as a Kerberos Key Distribution Center Proxy (KKDCP) server. Sentry gets configuration and device information from the Ivanti Endpoint Manager Mobile (EPMM) platform.

Affected Versions:
Ivanti Sentry version 9.18.0 and prior versions.

QID Detection Logic (Unauthenticated):
This QID sends an HTTP GET request to the 'mics/login.jsp' endpoint and checks the version of Ivanti Sentry in the response.

Successful exploitation allows an unauthenticated threat actor to read and write files to the Ivanti Sentry server and execute OS commands as system administrator (root) through use of "sudo".

  • CVSS V3 rated as Critical - 9.8 severity.
  • CVSS V2 rated as Critical - 10 severity.

Solution:
Vendor has released RPM scripts for all supported versions. Please refer to the Ivanti Sentry Security Advisory.

Vendor References

CVEs related to QID 730875

Software Advisories
Advisory ID: Ivanti Sentry Security Advisory
Link: www.ivanti.com/blog/cve-2023-38035-vulnerability-affecting-ivanti-sentry