{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2023-058.pdf"
    },
    "title": "Critical Vulnerability in MobileIron Sentry",
    "serial_number": "2023-058",
    "publish_date": "22-08-2023 08:45:45",
    "description": "On July 24, 2023, Ivanti published a security advisory about a vulnerability discovered in Ivanti Sentry, formerly known as MobileIron Sentry. The vulnerability tracked as CVE-2023-38035 is an API authentication bypass being exploited in the wild. A successful exploitation allows an attacker to change configuration, run system commands, or write files onto systems.<br>\nWhile the CVSS score is high (9.8), the software company assessed as a low risk of exploitation for customers who do not expose 8443 to the Internet.<br>\n",
    "url_title": "2023-058",
    "content_markdown": "---\ntitle: 'Critical Vulnerability in Iventy Sentry'\nversion: '1.0'\nnumber: '2023-058'\noriginal_date: 'August 21, 2023'\ndate: 'August 22, 2023'\n---\n\n_History:_\n\n* _22/08/2023 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn July 24, 2023, Ivanti published a security advisory about a vulnerability discovered in Ivanti Sentry, formerly known as MobileIron Sentry [1]. The vulnerability tracked as **CVE-2023-38035** is an API authentication bypass being exploited in the wild. A successful exploitation allows an attacker to change configuration, run system commands, or write files onto systems [3].\n\nWhile the CVSS score is high (9.8), the software company assessed as a low risk of exploitation for customers who do not expose 8443 to the Internet [2].\n\n# Technical Details\n\nIvanti Sentry functions as a gatekeeper for enterprise ActiveSync servers like Microsoft Exchange Server or backend resources such as Sharepoint servers in MobileIron deployments, and it can also operate as a Kerberos Key Distribution Center Proxy (KKDCP) server [3].\n\nDiscovered and reported by researchers at cybersecurity company mnemonic, the critical vulnerability (CVE-2023-38035) enables unauthenticated attackers to gain access to sensitive admin portal configuration APIs exposed over port 8443, used by MobileIron Configuration Service (MICS) [3].\n\n# Affected Products\n\nThis vulnerability affects Ivanti Sentry versions 9.18 and prior.\n\n# Recommendations\n\nCERT-EU strongly recommends reviewing Ivanti's security advisory [2] and upgrading affected systems to avoid potential exploitation of this vulnerability.\n\n# References\n\n[1] <https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface?language=en_US>\n\n[2] <https://www.ivanti.com/blog/cve-2023-38035-vulnerability-affecting-ivanti-sentry>\n\n[3] <https://www.bleepingcomputer.com/news/security/ivanti-warns-of-new-actively-exploited-mobileiron-zero-day-bug/>",
    "content_html": "<p><em>History:</em></p><ul><li><em>22/08/2023 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On July 24, 2023, Ivanti published a security advisory about a vulnerability discovered in Ivanti Sentry, formerly known as MobileIron Sentry [1]. The vulnerability tracked as <strong>CVE-2023-38035</strong> is an API authentication bypass being exploited in the wild. A successful exploitation allows an attacker to change configuration, run system commands, or write files onto systems [3].</p><p>While the CVSS score is high (9.8), the software company assessed as a low risk of exploitation for customers who do not expose 8443 to the Internet [2].</p><h2 id=\"technical-details\">Technical Details</h2><p>Ivanti Sentry functions as a gatekeeper for enterprise ActiveSync servers like Microsoft Exchange Server or backend resources such as Sharepoint servers in MobileIron deployments, and it can also operate as a Kerberos Key Distribution Center Proxy (KKDCP) server [3].</p><p>Discovered and reported by researchers at cybersecurity company mnemonic, the critical vulnerability (CVE-2023-38035) enables unauthenticated attackers to gain access to sensitive admin portal configuration APIs exposed over port 8443, used by MobileIron Configuration Service (MICS) [3].</p><h2 id=\"affected-products\">Affected Products</h2><p>This vulnerability affects Ivanti Sentry versions 9.18 and prior.</p><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU strongly recommends reviewing Ivanti's security advisory [2] and upgrading affected systems to avoid potential exploitation of this vulnerability.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface?language=en_US\">https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface?language=en_US</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.ivanti.com/blog/cve-2023-38035-vulnerability-affecting-ivanti-sentry\">https://www.ivanti.com/blog/cve-2023-38035-vulnerability-affecting-ivanti-sentry</a></p><p>[3] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.bleepingcomputer.com/news/security/ivanti-warns-of-new-actively-exploited-mobileiron-zero-day-bug/\">https://www.bleepingcomputer.com/news/security/ivanti-warns-of-new-actively-exploited-mobileiron-zero-day-bug/</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}