Ivanti has released an RPM script to address an authentication bypass vulnerability in the MCIS (MobileIron Configuration Service) admin portal of the Ivanti Sentry System Manager. The System Manager is remotely accessible via TCP port 8443 by default. This would provide a remote attacker with the capability to "execute OS commands on the appliance as root."
CVE-2023-38035 Ivanti Sentry API Authentication Bypass Vulnerability
CVSSv3: 9.8
Affected Versions
Ivanti Sentry:
Mitigations
Apply the RPM script for the affected version as noted above.
If immediate patching is not an option, ensure that TCP port 8443 (MCIS admin portal) is not internet accessible (Ivanti cautions customers that this is not a complete resolution and the appropriate RPM script should be applied as soon as possible)
Additional Resources
https://www.ivanti.com/blog/cve-2023-38035-vulnerability-affecting-ivanti-sentry
https://www.mnemonic.io/resources/blog/threat-advisory-remote-code-execution-vulnerability-in-ivanti-sentry/
https://www.bleepingcomputer.com/news/security/exploit-released-for-ivanti-sentry-bug-abused-as-zero-day-in-attacks/