Ivanti may sound like an avant-garde brand of Italian pasta, but alas, it’s a software services provider, and it has uncovered a cyber threat that’s got them all stirred up. The villain of this thriller? A new ‘zero-day’ flaw impacting their product, Ivanti Sentry (formerly known as MobileIron Sentry). Makes you wonder if the ‘Sentry’ could’ve used some backup, huh?
Wait, there’s more! This bug isn’t just sitting around binge-watching Netflix inside its software home. No, it has taken a wild turn — it’s being actively exploited. Enter: the antagonist, code-named CVE-2023-38035. You might think this mysterious villain would be a low scorer, but think again. With a whopping CVSS score of 9.8, it’s at the top of its game! It makes us wonder if CVE-2023-38035 has been lifting databases or doing push-ups in the server room to get this fit.
Let’s get this straight. CVE-2023-38035 doesn’t need the keys to the city. It saunters right past the authentication guards like it owns the place. How audacious! This is what our friends at Ivanti have termed an authentication bypass, and it impacts versions 9.18 and prior. You’d think software would clean up after itself, but it seems some serious IT janitorial work is needed at Ivanti.
Ivanti, a software services provider, has fallen prey to a new critical zero-day flaw impacting its Sentry product. The flaw is ringing alarm bells not only because of its severity, scored at 9.8, but also because it’s currently being exploited in the wild. The bug, CVE-2023-38035, is described as an authentication bypass and affects versions 9.18 and prior. Ivanti, it’s time to put those coding gloves on and debug for all you’re worth!
Original Article: https://thehackernews.com/2023/08/ivanti-warns-of-critical-zero-day-flaw.html