
Ivanti: Customers ‘impacted’ by new zero-day vulnerability

IT giant Ivanti is advising some customers to make changes to dodge a new zero-day vulnerability affecting one of its products.

On Monday, the company warned of a bug in its Sentry security product that was discovered by researchers. Ivanti said it was “only aware of a limited number of customers impacted.” The vulnerability, labeled CVE-2023-38035 and listed Monday, carries a severity score of 9.8 out of 10.

The company declined to explain whether “impacted” referred to exploitation by malicious hackers. A spokesperson said Ivanti is “unable to discuss the specifics of our customers, but we are engaging with customers to help them apply the fix.”

The bug occurs in Ivanti Sentry, formerly known as MobileIron Sentry, but “does not impact other Ivanti products, such as Ivanti EPMM or Ivanti Neurons for MDM,” the company said in an advisory.

“If exploited, this vulnerability enables an unauthenticated actor to access some sensitive APIs that are used to configure the Ivanti Sentry on the administrator portal (port 8443, commonly MICS). While the issue has a high CVSS score, there is a low risk of exploitation for customers who do not expose port 8443 to the internet.”

Hackers exploiting the bug could run commands on a victim’s system, make configuration changes and more. Ivanti urged customers to disconnect MICS from the internet — a move that falls in line with recommendations from cybersecurity agencies around the world.
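
A defender's check for the exposure condition described in the advisory, as an added example that is not from Ivanti or the original article: it scans allow-only firewall rules for TCP port 8443 opened to sources outside internal ranges. The rule format, the `INTERNAL_NETS` list and the sample rules are constructed assumptions.

```python
import ipaddress

MICS_PORT = 8443  # Sentry administrator portal port named in the advisory

# Assumption: these ranges are what "internal" means for this audit.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "fc00::/7", "::1/128")]

# Constructed sample in a hypothetical allow-only rule format
# (security-group style): "<proto> <source CIDR> <port or lo-hi>"
SAMPLE_RULES = """\
tcp 10.20.0.0/16 8443
tcp 0.0.0.0/0 443
tcp 0.0.0.0/0 8000-9000
tcp 203.0.113.0/24 8443
udp 0.0.0.0/0 8443
tcp ::/0 8443
# trailing comment line
"""

def is_internal(net):
    """True if the source network lies wholly inside an internal range."""
    return any(net.version == i.version and net.subnet_of(i)
               for i in INTERNAL_NETS)

def parse_rule(line):
    """Split one rule into (proto, source network, low port, high port)."""
    proto, source, ports = line.split()
    lo, _, hi = ports.partition("-")
    return (proto.lower(), ipaddress.ip_network(source, strict=False),
            int(lo), int(hi or lo))

def exposed_rules(text, port=MICS_PORT):
    """Return (line number, rule) for rules that open the port externally."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        proto, net, lo, hi = parse_rule(line)
        # A port range counts too: 8000-9000 silently includes 8443.
        if proto == "tcp" and lo <= port <= hi and not is_internal(net):
            findings.append((lineno, line))
    return findings

if __name__ == "__main__":
    for lineno, rule in exposed_rules(SAMPLE_RULES):
        print(f"line {lineno}: {rule} -> TCP {MICS_PORT} open to external sources")
```
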

The company has created scripts to address the issue but warned that each one is customized for a specific version, and if applied to the wrong version of the software, the vulnerability will not be resolved.

Ivanti thanked a researcher named mnemonic for discovering the Sentry issue.

The company released a blog post about the issue alongside the advisory, explaining that the issue impacts all supported versions of Sentry – Versions 9.18, 9.17 and 9.16. Older versions of the tool are also at risk.

Separately, the Endpoint Manager Mobile (EPMM) tool has been at the center of controversy since it was exploited by hackers who gained access to several departments of the Norwegian government last month.

In addition to the vulnerability highlighted by CISA and officials in Norway, researchers found another issue affecting Ivanti products last week.

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.