TLP: CLEAR
Recipients can spread this to the world, there is no limit on disclosure. Sources may use TLP:CLEAR when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:CLEAR information may be shared without restriction.
http://www.us-cert.gov/tlp/
Summary: On August 21, 2023, US-based IT software company Ivanti warned customers that a critical Sentry API authentication bypass vulnerability is being exploited in the wild. Ivanti Sentry (formerly MobileIron Sentry) functions as a gatekeeper for enterprise ActiveSync servers like Microsoft Exchange Server or backend resources such as SharePoint servers in MobileIron deployments, and it can also operate as a Kerberos Key Distribution Center Proxy (KKDCP) server.
Ivanti Sentry Security Advisory – hxxps://www.ivanti[.]com/blog/cve-2023-38035-vulnerability-affecting-ivanti-sentry
NYSIC CAU Analyst Note: Discovered and reported by security researchers at cybersecurity company mnemonic, the critical vulnerability (CVE-2023-38035) enables unauthenticated attackers to gain access to sensitive admin portal configuration APIs exposed over port 8443, which is used by MobileIron Configuration Service (MICS). Attackers reach these APIs by bypassing authentication controls through an insufficiently restrictive Apache HTTPD configuration. Successful exploitation allows them to change configuration, run system commands, or write files onto systems running Ivanti Sentry versions 9.18 and prior. Ivanti advised admins not to expose MICS to the Internet and to restrict access to internal management networks.
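One way to check the mitigation above against firewall logs, as an added example that is not part of the original bulletin or any Ivanti tooling: it flags allowed connections to port 8443 from sources outside the management networks and marks hosts in the affected version range. The management CIDRs, hostnames, version strings and log format are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions (constructed for this example): management CIDRs, inventory, log format.
MGMT_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "192.168.50.0/24")]
MICS_PORT = "8443"        # MICS admin portal port named in the note
LAST_AFFECTED = (9, 18)   # "versions 9.18 and prior"
INVENTORY = {"sentry-a": "9.18.0", "sentry-b": "9.19.0", "sentry-c": "9.16.1"}
# Constructed firewall log: "timestamp src_ip dst_host dst_port action"
LOG_LINES = """\
2023-08-21T10:01:02Z 10.20.0.15 sentry-a 8443 ALLOW
2023-08-21T10:03:40Z 203.0.113.77 sentry-a 8443 ALLOW
2023-08-21T10:04:11Z 198.51.100.9 sentry-b 8443 ALLOW
2023-08-21T10:05:00Z 203.0.113.77 sentry-c 443 ALLOW
2023-08-21T10:06:30Z 198.51.100.9 sentry-c 8443 DENY
not a log line
""".splitlines()

def is_affected(version):
    """True for major.minor <= 9.18; unknown or unparsable versions fail closed."""
    try:
        major, minor = (int(p) for p in version.split(".")[:2])
    except (AttributeError, ValueError):
        return True
    return (major, minor) <= LAST_AFFECTED

def from_mgmt(src):
    """True if src parses as an IP inside a management network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # malformed source is reported, not trusted
    return any(addr in net for net in MGMT_NETS)

def audit(lines, inventory):
    """Return allowed MICS connections that came from outside MGMT_NETS."""
    findings = []
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not match the assumed format
        ts, src, host, port, action = parts
        if port != MICS_PORT or action != "ALLOW" or from_mgmt(src):
            continue
        level = "critical" if is_affected(inventory.get(host)) else "exposure"
        findings.append((level, host, src, ts))
    return findings

if __name__ == "__main__":
    for finding in audit(LOG_LINES, INVENTORY):
        print(*finding)
```

A "critical" finding is an externally reachable MICS port on a host in the affected range; "exposure" means the port is reachable from outside the management networks on a host whose reported version is outside that range.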
Sources:
hxxps://www.bleepingcomputer[.]com/news/security/ivanti-warns-of-new-actively-exploited-mobileiron-zero-day-bug/
This information has been disseminated to:
NYSIC CAU Contacts – OCT-CIP
NYSIC CAU Contacts – ITS EISO
NYSIC CAU Contacts – Cyber Partners Working Group (CPWG)
NYSIC CAU Contacts – Critical Infrastructure: All
NYSIC CAU Contacts – SLTT
For more information, please contact the NYSIC Cyber Analysis Unit at (518) 786-2191 or CAU@nysic.ny.gov.