Share this article on:
The Australian Cyber Security Centre (ACSC) has rated a vulnerability in the Ivanti Sentry MICS Admin Portal as critical and said that the company is aware of threat actors already taking advantage of the flaw.
The vulnerability – CVE-2023-38035 – can allow a hacker to access the admin portal and make changes to its configuration, as well as being able to create files and run commands.
So far, the ACSC has not observed any of Ivanti’s Australian customers being exploited, though Ivanti has observed it being used in the wild.
According to the ACSC, any Australian organisation running version 9.18.0 of Ivanti Sentry, or any earlier build, should update the software to the latest versions as soon as possible.
In the words of Ivanti’s own product page, Ivanti Sentry is “an in-line gateway that manages, encrypts, and secures traffic between the mobile device and back-end enterprise systems”.
Ivanti has said that while its Sentry product is affected, its other products remain unaffected.
“As of now, we are only aware of a limited number of customers impacted by CVE-2023-38035,” Ivanti said in a notice.
“Upon learning of the vulnerability, we immediately mobilised resources to fix the problem and have RPM scripts available now for supported versions. Each script is customised for a single version.”
Ivanti had a number of vulnerabilities disclosed recently, including one – CVE-2023-35081 – Ivanti Endpoint Manager Mobile. Instructions on how to take advantage of the vulnerability were being sold on a popular leaks forum as early as 5 August.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.