Software services provider Ivanti is warning of a new critical zero-day flaw impacting Ivanti Sentry (formerly MobileIron Sentry) that it said is being actively exploited in the wild, marking an escalation of its security woes.
Tracked as CVE-2023-38035 (CVSS score: 9.8), the issue has been described as a case of authentication bypass impacting versions 9.18 and prior due to what it called an insufficiently restrictive Apache HTTPD configuration.
Successful exploitation of the bug could allow an attacker to change configuration, run system commands, or write files onto the system. It’s recommended that users restrict access to MICS to internal management networks.
“Successful exploitation allows an unauthenticated threat actor to read and write files to the Ivanti Sentry server and execute OS commands as system administrator (root) through use of ‘super user do’ (sudo),” it said.
What’s more, CVE-2023-38035 could be weaponized after exploiting CVE-2023-35078 and CVE-2023-35081, two other recently disclosed flaws in the Ivanti Endpoint Manager Mobile (EPMM), in scenarios where port 8443 is not publicly accessible as the admin portal is used to communicate with the Ivanti EPMM server.
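As an added example (not code from Ivanti or from the original article), the following Python script triages a Sentry inventory against the two facts given above: the affected range of 9.18 and prior, and the advice to keep the MICS portal on port 8443 reachable only from internal management networks. The inventory format, host names, rule layout and management network are hypothetical, and the sample data is constructed.

```python
import ipaddress

MICS_PORT = 8443          # MICS admin portal port named in the article
LAST_AFFECTED = (9, 18)   # article: "versions 9.18 and prior"

def is_affected(version):
    """True if a dotted numeric version such as '9.18.0' is 9.18 or earlier."""
    major_minor = tuple(int(p) for p in version.split(".")[:2])
    return major_minor <= LAST_AFFECTED

def exposed_sources(rules, mgmt_nets):
    """Source CIDRs allowed to reach MICS_PORT that lie outside every management network."""
    nets = [ipaddress.ip_network(n) for n in mgmt_nets]
    outside = []
    for rule in rules:
        if rule["action"] != "allow" or rule["port"] != MICS_PORT:
            continue
        src = ipaddress.ip_network(rule["src"], strict=False)
        if not any(src.version == n.version and src.subnet_of(n) for n in nets):
            outside.append(rule["src"])
    return outside

def triage(hosts, mgmt_nets):
    """Map host name -> (status, offending source CIDRs)."""
    report = {}
    for host in hosts:
        outside = exposed_sources(host["rules"], mgmt_nets)
        affected = is_affected(host["version"])
        if affected and outside:
            status = "urgent"    # affected version, portal reachable from outside
        elif affected:
            status = "patch"     # article notes chaining via EPMM even when 8443 is not public
        elif outside:
            status = "restrict"  # outside the listed range, but portal still over-exposed
        else:
            status = "ok"
        report[host["name"]] = (status, outside)
    return report

# Constructed inventory (hypothetical host names, documentation address ranges).
MGMT_NETS = ["10.20.0.0/16"]
HOSTS = [
    {"name": "sentry-a", "version": "9.18.0",
     "rules": [{"action": "allow", "src": "0.0.0.0/0", "port": 8443}]},
    {"name": "sentry-b", "version": "9.17.0",
     "rules": [{"action": "allow", "src": "10.20.0.0/24", "port": 8443}]},
    {"name": "sentry-c", "version": "9.19.0",
     "rules": [{"action": "allow", "src": "198.51.100.0/24", "port": 8443},
               {"action": "allow", "src": "0.0.0.0/0", "port": 443}]},
]

if __name__ == "__main__":
    for name, (status, outside) in triage(HOSTS, MGMT_NETS).items():
        print(name, status, outside)
```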
The development comes a week after Ivanti fixed two critical stack-based buffer overflow flaws (CVE-2023-32560) in its Avalanche software that could lead to crashes and arbitrary code execution on vulnerable installations.
Source: https://thehackernews.com/