Vulnerabilities

CVE-2023-46808 and CVE-2023-41724 Ivanti Neurons for ITSM and Ivanti Standalone Sentry

This advisory is for organizations that use Ivanti Neurons for ITSM (IT Service Management) and Ivanti Standalone Sentry as a Kerberos Key Distribution Proxy server. If your organization does not use these Ivanti products, this notification may be discarded.

Summary

Ivanti has released patches to address vulnerabilities in the Neurons for ITSM and Standalone Sentry platforms. The vulnerability in Neurons could allow an authenticated remote attacker to perform file writes and command execution in the “context of web application’s user.”

The Standalone Sentry platform vulnerability could allow an unauthenticated attacker to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.

Cloud versions of these platforms have already been updated.

CVE-2023-46808 – Authenticated Remote File Write for Ivanti Neurons for ITSM

    CVSSv3: 9.9

CVE-2023-41724 – Remote Code Execution for Ivanti Standalone Sentry

    CVSSv3: 9.6

Affected Platforms

Ivanti Neurons for ITSM (2023.3, 2023.2 and 2023.1). Unsupported versions are also at risk.

Ivanti Standalone Sentry supported versions 9.17.0, 9.18.0, and 9.19.0. Older versions are also at risk.

Mitigations

Patches are available at the standard download portal.

Additional Resources

https://www.bleepingcomputer.com/news/security/ivanti-fixes-critical-standalone-sentry-bug-reported-by-nato/

https://thehackernews.com/2024/03/ivanti-releases-urgent-fix-for-critical.html

https://forums.ivanti.com/s/article/CVE-2023-41724-Remote-Code-Execution-for-Ivanti-Standalone-Sentry?language=en_US

https://forums.ivanti.com/s/article/SA-CVE-2023-46808-Authenticated-Remote-File-Write-for-Ivanti-Neurons-for-ITSM?language=en_US