CVE-2023-38035: Critical Authentication Bypass Vulnerability in Ivanti Sentry

Share :

On 21 August 2023, Ivanti published a knowledge base article on a critical authentication bypass vulnerability impacting Ivanti Sentry (CVE-2023-38035). For this vulnerability to be exploited, the System Management Portal which is hosted on port 8443 by default must be exposed to the internet. Successful exploitation of this vulnerability could lead to a remote unauthenticated threat actor making configuration changes to the server and the underlying Operating System (OS) as root. 

Product  Impacted Versions 
Ivanti Sentry  Versions 9.18, 9.17, 9.16, and older 


Ivanti has indicated that active exploitation of this vulnerability has occurred and has impacted limited customers. 

Recommendation for CVE-2023-38035: Apply the RPM Scripts Released by Ivanti 

Product  Impacted Versions  Patched Versions 
Ivanti Sentry  Versions 9.18, 9.17, 9.16, and older  Versions 9.18.0a, 9.17.0a, 9.16.0a 


Arctic Wolf strongly recommends reviewing the instructions in the “Resolution” section of Ivanti’s knowledge base article to apply the latest patches.  

Patching this vulnerability involves applying RPM(Red Hat Package Manager) scripts for your specific version of Ivanti Sentry.  

Note: Using the wrong RPM script for the impacted version may result in an unsuccessful vulnerability patch, or cause system instability. Please follow your organization’s patching and testing guidelines to avoid any operational impact. 


Picture of Andres Ramos

Andres Ramos

Andres Ramos is a Threat Intelligence Researcher at Arctic Wolf with a strong background in tracking emerging threats and producing actionable intelligence for both technical and non-technical stakeholders. He has a diverse background encompassing various domains of cyber security, holds a degree in Cybersecurity Engineering, and is a CISSP.
Share :
Table of Contents