On 21 August 2023, Ivanti published a knowledge base article on a critical authentication bypass vulnerability impacting Ivanti Sentry (CVE-2023-38035). For this vulnerability to be exploited, the System Management Portal which is hosted on port 8443 by default must be exposed to the internet. Successful exploitation of this vulnerability could lead to a remote unauthenticated threat actor making configuration changes to the server and the underlying Operating System (OS) as root.
|Ivanti Sentry||Versions 9.18, 9.17, 9.16, and older|
Ivanti has indicated that active exploitation of this vulnerability has occurred and has impacted limited customers.
Recommendation for CVE-2023-38035: Apply the RPM Scripts Released by Ivanti
|Product||Impacted Versions||Patched Versions|
|Ivanti Sentry||Versions 9.18, 9.17, 9.16, and older||Versions 9.18.0a, 9.17.0a, 9.16.0a|
Arctic Wolf strongly recommends reviewing the instructions in the “Resolution” section of Ivanti’s knowledge base article to apply the latest patches.
Patching this vulnerability involves applying RPM(Red Hat Package Manager) scripts for your specific version of Ivanti Sentry.
Note: Using the wrong RPM script for the impacted version may result in an unsuccessful vulnerability patch, or cause system instability. Please follow your organization’s patching and testing guidelines to avoid any operational impact.