CVE-2023-38035: Ivanti Sentry Authentication Bypass Vulnerability
First published: Mon Aug 21 2023(Updated: )
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
Credit: support@hackerone.com support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ivanti MobileIron Sentry | <=9.18.0 | |
| Ivanti Sentry | ||
| Ivanti Endpoint Manager Mobile | =11.10 | |
| Ivanti Endpoint Manager Mobile | =11.9 | |
| Ivanti Endpoint Manager Mobile | =11.8 | |
| MobileIron Core | =11.7 and below |
Remedy
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/174643/Ivanti-Sentry-Authentication-Bypass-Remote-Code-Execution.html
- https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface
- https://www.bleepingcomputer.com/news/security/ivanti-connect-secure-zero-days-now-under-mass-exploitation/
- https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface?language=en_US
- https://www.bleepingcomputer.com/news/security/cisa-critical-ivanti-auth-bypass-bug-now-actively-exploited/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is CVE-2023-38035?
CVE-2023-38035 is a security vulnerability in the MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which allows an attacker to bypass authentication controls on the administrative interface.
How severe is the CVE-2023-38035 vulnerability?
The severity of the CVE-2023-38035 vulnerability is classified as critical with a severity value of 9.8.
What software is affected by CVE-2023-38035?
The Ivanti MobileIron Sentry versions 9.18.0 and below are affected by CVE-2023-38035.
How can an attacker exploit CVE-2023-38035?
An attacker can exploit CVE-2023-38035 by exploiting an insufficiently restrictive Apache HTTPD configuration to bypass authentication controls on the administrative interface.
Is there a fix available for CVE-2023-38035?
To fix CVE-2023-38035, it is recommended to upgrade to a version of Ivanti MobileIron Sentry that is not vulnerable.
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/remedy
- agent/title
- agent/weakness
- agent/severity
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2023-35082
- alias/CVE-2023-46805
- alias/CVE-2024-21887
- alias/CVE-2021-22893
- alias/CVE-2023-35078
- alias/CVE-2023-35081
- alias/CVE-2023-38035
- agent/references
- agent/softwarecombine
- agent/description
- agent/tags
- agent/event
- agent/news-ai
- vendor/ivanti
- canonical/ivanti mobileiron sentry
- version/ivanti mobileiron sentry/9.18.0
- canonical/ivanti sentry
- canonical/ivanti endpoint manager mobile
- version/ivanti endpoint manager mobile/11.10
- version/ivanti endpoint manager mobile/11.9
- version/ivanti endpoint manager mobile/11.8
- vendor/mobileiron
- canonical/mobileiron core
- version/mobileiron core/11.7 and below