Ivanti Takes Action to Address Critical Vulnerability in Sentry Gateway Technology

Critical Zero-Day Vulnerability Discovered in Ivanti Sentry Security Gateway

Internet Security Concerns

Organizations utilizing the Ivanti Sentry security gateway product have been urged to apply a security patch immediately. This patch addresses a zero-day vulnerability, tracked as CVE-2023-38035, affecting all supported versions of Sentry, as well as older, non-supported versions. The flaw, present in the security policies configuration interface, allows attackers to bypass authentication controls and gain unauthorized access to sensitive APIs.

If successfully exploited, the vulnerability enables an unauthenticated actor to change the gateway’s configuration, execute system commands, and write arbitrary files on the system. Ivanti recommends restricting access to the administrator portal to internal management networks instead of the public internet to mitigate the risk.

Severity and Public Exposure

The severity rating of this vulnerability is 9.8 out of 10, classifying it as a critical issue. However, organizations that do not expose port 8443, commonly used for HTTPS or SSL encrypted web traffic, to the internet may face less risk.
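An added example, not from Ivanti or the original article: a Python check over a simplified firewall allow-list that flags rules leaving port 8443 reachable from sources outside the internal management networks. The rule format, rule ids and network ranges are constructed for illustration, and the rules are assumed to form a flat allow-list with default deny.

```python
import ipaddress

ADMIN_PORT = 8443  # port the article names as the exposure that matters

# Constructed sample data: management networks and rules are placeholders.
MGMT_NETS = ["10.20.0.0/24", "fd00:20::/64"]
RULES = [
    {"id": "r1", "action": "allow", "src": "10.20.0.0/24", "ports": "8443"},
    {"id": "r2", "action": "allow", "src": "0.0.0.0/0", "ports": "443"},
    {"id": "r3", "action": "allow", "src": "0.0.0.0/0", "ports": "8000-9000"},
    {"id": "r4", "action": "allow", "src": "10.0.0.0/8", "ports": "8443"},
    {"id": "r5", "action": "deny", "src": "0.0.0.0/0", "ports": "8443"},
    {"id": "r6", "action": "allow", "src": "fd00:20::/64", "ports": "22,8443"},
    {"id": "r7", "action": "allow", "src": "::/0", "ports": "8443"},
]

def port_matches(spec, port):
    """True if a spec such as '443', '22,8443' or '8000-9000' covers port."""
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def within_mgmt(src, mgmt_nets):
    """True only if src is fully contained in one management network."""
    net = ipaddress.ip_network(src, strict=False)
    for m in mgmt_nets:
        mnet = ipaddress.ip_network(m, strict=False)
        # subnet_of() raises TypeError across IP versions, so compare versions first.
        if net.version == mnet.version and net.subnet_of(mnet):
            return True
    return False

def exposed_rules(rules, mgmt_nets, port=ADMIN_PORT):
    """Return ids of allow rules that open the port to sources outside mgmt_nets."""
    return [r["id"] for r in rules
            if r["action"] == "allow"
            and port_matches(r["ports"], port)
            and not within_mgmt(r["src"], mgmt_nets)]

if __name__ == "__main__":
    for rule_id in exposed_rules(RULES, MGMT_NETS):
        print(f"{rule_id}: port {ADMIN_PORT} reachable from outside management networks")
```

Rule r4 is flagged even though it uses a private range, because 10.0.0.0/8 is wider than the management network it overlaps.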

According to Ivanti, only a limited number of customers have been impacted by the vulnerability, although media reports suggest that attackers have already exploited the flaw. However, Ivanti has not directly confirmed these reports or provided information regarding the number of compromised customers.

Analysis of Ivanti Sentry

Ivanti Sentry, previously known as MobileIron Sentry, is a crucial component of Ivanti’s Unified Endpoint Management products. As a gateway technology, it facilitates the management, encryption, and protection of traffic between mobile devices and backend systems. Specifically, Sentry acts as a gatekeeper to an organization’s Microsoft Exchange Server, ActiveSync server, or backend systems like SharePoint Server. Additionally, it can operate as a Kerberos Key Distribution Center Proxy (KKDCP) server.

The rising use of gateway technologies, including Ivanti Sentry, has attracted the attention of both security researchers and malicious actors. Last month, attackers exploited a remote API access vulnerability in Ivanti Endpoint Manager to compromise systems belonging to 12 Norwegian government agencies. Similarly, earlier this month, Ivanti disclosed another bug in its Avalanche mobile management technology after it was reported by researchers at cybersecurity vendor mnemonic.

Expert Recommendations and Editorial Opinion

Given the severity of the vulnerability in Ivanti Sentry and the potential impact on organizations, it is crucial for affected entities to take immediate action. Applying the security patch released by Ivanti is strongly advised, along with implementing restricted access to the administrator portal and adhering to best practices in internet security.

This incident highlights the increasing prevalence of zero-day vulnerabilities and the critical need for organizations to maintain robust cybersecurity measures. Businesses should continuously update and patch their software systems, especially those handling sensitive data or serving as gateways to backend systems.

Moreover, organizations must prioritize cybersecurity awareness and proactive defense strategies. Investing in comprehensive security solutions, conducting regular risk assessments, and promoting a security-conscious culture are essential steps towards mitigating potential threats.

Conclusion

The discovery of a zero-day vulnerability in Ivanti Sentry’s security gateway technology underscores the urgent need for organizations to prioritize internet security measures. Promptly applying software updates, restricting access to sensitive portals, and staying informed about emerging threats are vital for safeguarding digital assets and maintaining operational resilience. As the cybersecurity landscape evolves, organizations must prioritize proactive security practices to effectively combat emerging threats.
