
New Ivanti Zero-Day Vulnerability Allows Hackers to Access Sensitive APIs – Source: heimdalsecurity.com


Source: heimdalsecurity.com – Author: Livia Gyongyoși

Researchers observed a critical Ivanti Sentry API authentication bypass vulnerability being exploited in the wild. The flaw is tracked as CVE-2023-38035 and enables authentication bypass on Ivanti Sentry versions 9.18 and prior, due to improper Apache HTTPD configuration.

According to the company, CVE-2023-38035 doesn't impact any of its other products, such as Ivanti EPMM, MobileIron Cloud or Ivanti Neurons for MDM.

Risks Posed by the Ivanti Zero-Day Vulnerability

The Ivanti vulnerability received a high CVSS score. The flaw was found in the MICS Admin Portal and may permit a malicious actor to bypass authentication controls. The cause is a poorly configured Apache HTTPD.

If threat actors succeed in exploiting the vulnerability, they will be able to tamper with the targeted system by:

  • changing configuration,
  • executing OS commands as system administrator,
  • writing files.

Recommended Security Measures

According to the company, fixes are already available and system admins should apply patches as soon as possible. Since exploiting CVE-2023-38035 is only possible through the System Manager Portal, Ivanti also recommends taking port 8443 offline.

Security specialists recommend that users upgrade their software to a supported version and apply the RPM script designed for their version. Applying the wrong script may lead to system instability and might leave the vulnerability unresolved.

Using an automated patch management solution helps medium to large organizations address such events in a timely manner. Heimdal's 3rd Party Patch Management module makes sure that all apps running in your system are patched in time without disrupting day-to-day activity. Check out this free demo to better understand what a professional patch management solution can do for you.

CISA included CVE-2023-38035 in its Known Exploited Vulnerabilities (KEV) catalog and urged Federal Civilian Executive Branch (FCEB) agencies to apply patches by September 12, 2023.

Since the beginning of the year, two other vulnerabilities in Ivanti's Endpoint Manager Mobile (EPMM) have been discovered and exploited.

CVE-2023-35078, which is also an Ivanti authentication bypass, was exploited as a zero-day vulnerability. Threat actors used it recently to breach the Norwegian Government's system.


Original Post URL: https://heimdalsecurity.com/blog/new-ivanti-zero-day-vulnerability/
