Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability

Summary:
Ivanti has disclosed a critical remote code execution vulnerability affecting Standalone Sentry and has urged customers to promptly apply the available patches for protection against potential cyber threats. Tracked as CVE-2023-41724 with a CVSS score of 9.6, this flaw allows an unauthenticated attacker within the same network to execute arbitrary commands on the appliance's operating system.

The vulnerability affects all supported versions (9.17.0, 9.18.0, and 9.19.0), as well as older versions. The company said it has made available a patch (versions 9.17.1, 9.18.1, and 9.19.1) that can be downloaded via the standard download portal. While Ivanti has not observed any customers impacted by CVE-2023-41724, it has noted that threat actors need a valid TLS client certificate enrolled through EPMM to exploit the issue directly over the internet.

Analyst Comments:
Meanwhile, security firm Mandiant has linked recent exploits of Ivanti software vulnerabilities to three suspected China-linked cyber espionage groups: UNC5221, UNC5325, and UNC3886. This underscores the significance of promptly addressing vulnerabilities and applying security patches to mitigate potential risks.

Suggested Corrections:
Ivanti has released a patch available now via the standard download portal. Ivanti strongly encourages customers to act immediately to ensure they are fully protected.
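
To act on the version list in the summary, the following added example (not Ivanti's code or tooling) triages an appliance inventory against the fixed releases 9.17.1, 9.18.1, and 9.19.1. The hostnames, the inventory, the status labels, and the assumption that a version is reported as a dotted number with an optional build suffix are all constructed for illustration.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) release branch.
FIXED = {(9, 17): (9, 17, 1), (9, 18): (9, 18, 1), (9, 19): (9, 19, 1)}
OLDEST_SUPPORTED = min(FIXED)  # (9, 17)

def parse_version(text):
    """Parse 'X.Y.Z' (assumed format; a trailing build suffix is ignored)."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in m.groups())

def triage(version_text):
    """Classify one reported version for CVE-2023-41724 (labels are hypothetical)."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown"  # version could not be read; check the appliance by hand
    branch = version[:2]
    if branch in FIXED:
        # Tuple comparison, so 9.17.10 correctly sorts after 9.17.1.
        return "patched" if version >= FIXED[branch] else "vulnerable"
    if branch < OLDEST_SUPPORTED:
        # Older versions are affected and the summary lists no fix for them.
        return "vulnerable-unsupported"
    return "not-covered"  # newer than any release the summary mentions

def triage_inventory(inventory):
    """Return (host, version, status) rows, most urgent first."""
    order = ["vulnerable", "vulnerable-unsupported", "unknown", "not-covered", "patched"]
    rows = [(host, ver, triage(ver)) for host, ver in inventory.items()]
    return sorted(rows, key=lambda row: (order.index(row[2]), row[0]))

# Constructed inventory: hostnames and versions are illustrative only.
SAMPLE_INVENTORY = {
    "sentry-dmz-01.example.internal": "9.19.0",
    "sentry-dmz-02.example.internal": "9.19.1",
    "sentry-hq-01.example.internal": "9.17.10",
    "sentry-hq-02.example.internal": "",
    "sentry-lab-01.example.internal": "9.12.0",
}

if __name__ == "__main__":
    for host, ver, status in triage_inventory(SAMPLE_INVENTORY):
        print(f"{status:24} {host:32} {ver or '(none)'}")
```
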

Link(s):
https://thehackernews.com/2024/03/ivanti-releases-urgent-fix-for-critical.html

https://forums.ivanti.com/s/article...n-for-Ivanti-Standalone-Sentry?language=en_US