
Emergency Patch for Critical Authentication Bypass Vulnerability on Ivanti products

marcorossi

RAID array
User
Registered: 28.11.2022
Messages: 90
Reactions: 30
Ivanti Sentry is a gateway that manages and encrypts traffic between mobile devices and underlying systems in a company. There's already a vulnerability named for this, CVE-2023-38035, and it seems to be already exploited in the wild.

This product can also be used as a guardian for enterprise ActiveSync servers such as Microsoft Exchange Server, or backend resources including SharePoint servers, in MobileIron, and can also act as a Kerberos Key Distribution Center Proxy (KKDCP) server. The bug allows unauthenticated attackers to access sensitive APIs exposed through port 8443, which is used by the MobileIron Configuration Service (MICS). The problem is related to the bypass of authentication control, through an insufficiently strict configuration of Apache HTTPD.

An attacker that successfully exploits the bug can change the gateway's configuration, execute system commands, and write arbitrary files on the system. To mitigate risk, organizations should restrict access to the administrator portal to only internal management networks and not to the Internet, Ivanti said.

Source(s): https://www.darkreading.com/attacks...ritical-vuln-in-its-sentry-gateway-technology
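As an added illustration of the misconfiguration class the post describes (this is not Ivanti's actual httpd configuration, which the post does not show): an Apache HTTPD fragment for a management listener on 8443 where the weak form leaves a sensitive location reachable with no access control at all, beside a corrected form that denies by default and only opens the location to authenticated users coming from an internal management network. The path, credential file and network range are assumptions.

```apache
# Illustrative only. The two fragments below are alternatives for the
# same listener; deploy one or the other, not both. TLS directives omitted.
Listen 8443

# WEAK: a configuration API under the management listener with no
# authentication and no source restriction. Anyone who can reach
# port 8443 can call it. (Hypothetical path, not Ivanti's real layout.)
<VirtualHost *:8443>
    <Location "/example-config-api/">
        Require all granted
    </Location>
</VirtualHost>

# CORRECTED: fail closed for the whole host, then open the API only when
# BOTH a valid login and an internal source address are present. With the
# default AuthMerging Off, the inner Location's Require block replaces the
# outer deny for that path only; every other path stays denied.
<VirtualHost *:8443>
    <Location "/">
        Require all denied
    </Location>
    <Location "/example-config-api/">
        AuthType Basic
        AuthName "Management API"
        # Assumed credential file path.
        AuthUserFile /etc/httpd/conf/mgmt.htpasswd
        <RequireAll>
            Require valid-user
            # Assumed internal management network; admin interfaces
            # should not be reachable from the Internet.
            Require ip 10.20.0.0/16
        </RequireAll>
    </Location>
</VirtualHost>
```

Check the effective policy with `httpd -t` for syntax, then request the path from an address outside the management range and confirm a 403 even with valid credentials.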