Ivanti Releases Security Updates for Vulnerability Affecting Sentry Standalone

Critical vulnerability could allow remote code execution on an affected device

Threat ID:: CC-4470
Threat Severity:: Medium
Published:: 21 March 2024 1:28 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Critical vulnerability could allow remote code execution on an affected device

Affected platforms

The following platforms are known to be affected:

Versions: 9.17.0, 9.18.0, 9.19.0 and all prior

Ivanti Sentry (formerly MobileIron Sentry)

Threat details

Introduction

Ivanti has released security updates to address a vulnerability affecting Ivanti Sentry Standalone, an in-line gateway that manages, encrypts, and secures traffic between mobile devices and back-end systems. Designated CVE-2023-41724, the vulnerability has a CVSSv3 score of 9.6 and could allow an unauthenticated attacker to execute arbitrary commands or achieve remote code execution.

Remediation advice

Affected organisations are encouraged to review the advisory CVE-2023-41724 (Remote Code Execution) for Ivanti Standalone Sentry and apply any relevant security updates.

Definitive source of threat updates

https://forums.ivanti.com/s/article/CVE-2023-41724-Remote-Code-Execution-for-Ivanti-Standalone-Sentry?language=en_US

CVE Vulnerabilities

Status Reserved

CVE-2023-41724

Last edited: 21 March 2024 2:53 pm