NATO Cyber Security Centre researchers have discovered a critical severity vulnerability impacting the Ivanti Standalone Sentry. Tracked as CVE-2023-41724 is given a CVSS score of 9.6. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary commands.
Ivanti has mentioned in the advisory that there are no reports of any exploitation attempts of the vulnerability.
Ivanti Standalone Sentry is a separate appliance that acts as a gateway between devices and ActiveSync-enabled email servers or backend resources. It is a part of Ivanti deployment and provides secure access to your company’s ActiveSync server, such as a Microsoft Exchange Server.
Vulnerability Description
An unauthenticated attacker may exploit the vulnerability to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.
Affected versions
This vulnerability impacts all supported versions 9.17.0, 9.18.0, 9.19.0, and prior versions.
Mitigation
Customers are advised to upgrade to the Ivanti Standalone Sentry Supported Release versions 9.17.1, 9.18.1, and 9.19.1 to patch the vulnerability.
Users can download the latest updates by logging into the standard download portal.
Please refer to the Knowledge Base Article for more information regarding accessing and applying the remediations.
Qualys Detection
Qualys customers can scan their devices with QID 731287 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References
https://forums.ivanti.com/s/article/CVE-2023-41724-Remote-Code-Execution-for-Ivanti-Standalone-Sentry?language=en_US
https://forums.ivanti.com/s/article/KB-CVE-2023-41724-Remote-Code-Execution-for-Ivanti-Standalone-Sentry?language=en_US