“Ivanti’s Critical Bug Challenge: Understanding the Zero-Day Flaw Exploited in the Wild”

Ivanti Facing a New Critical Bug Challenge

  1. Ivanti, a software services provider, has issued a warning about a new critical zero-day flaw affecting its product Ivanti Sentry (formerly MobileIron Sentry).
  2. The bug, tracked as CVE-2023-38035, is reportedly being exploited in the wild.
  3. With a CVSS score of 9.8, the flaw is of topmost severity. According to Ivanti’s description, it is an authentication bypass impacting versions 9.18 and prior.

Bug in the System – Ivanti Sends SOS

Ivanti, which sounds like an avant-garde brand of Italian pasta but is, alas, a software services provider, has uncovered a cyber threat that’s got them all stirred up. The villain of this thriller? A new ‘zero-day’ flaw that is impacting their product, Ivanti Sentry (formerly known as MobileIron Sentry). Makes you wonder if the ‘Sentry’ could’ve used some backup, huh?

Exploits in the Wild: Mystery of CVE-2023-38035

Wait, there’s more! This bug isn’t just sitting around binge-watching Netflix inside its software home. No, it has taken a wild turn — it’s being actively exploited. Enter: the antagonist, code-named CVE-2023-38035. You might think this mysterious villain would be a low scorer, but think again. With a whopping CVSS score of 9.8, it’s at the top of its game! It makes us wonder if CVE-2023-38035 has been lifting databases or doing push-ups in the server room to get this fit.

No Keys Needed: An Unfortunate Scenario of Authentication Bypass

Let’s get this straight. CVE-2023-38035 doesn’t need the keys to the city. It saunters right past the authentication guards like it owns the place. How audacious! This is what our friends at Ivanti have termed an authentication bypass, and it’s impacting versions 9.18 and prior. You’d think software would clean up after itself, but it seems some serious IT janitorial work is needed at Ivanti.

In Conclusion

As a software services provider, Ivanti has fallen prey to a new critical zero-day flaw impacting its Sentry product. The flaw is not only causing alarm bells to ring by dint of its severity, scored at 9.8, but also due to the fact that it’s currently being exploited in the wild. The bug CVE-2023-38035, described as an authentication bypass, has infiltrated versions 9.18 and prior. Ivanti, it’s time to put those coding gloves on and debug for all you’re worth!

Original Article: https://thehackernews.com/2023/08/ivanti-warns-of-critical-zero-day-flaw.html

