Unauthorized Access Vulnerability in Ivanti's Sentry Product
CVE-2023-39338

6.8MEDIUM

Key Information:

Vendor: Ivanti
Status: Sentry
Vendor: CVE Published:; 12 July 2025

What is CVE-2023-39338?

An authenticated user on an enrolled device can potentially exploit a vulnerability in Ivanti's Sentry product to gain unauthorized tunnel access to a protected service. While the user cannot authenticate or directly use the service, this exploit allows bypassing Sentry's access control policies, potentially exposing sensitive services to unauthorized access. Prompt remediation is required to mitigate risks associated with this vulnerability.

Affected Version(s)

Sentry 9.0 < 9.20

References

https://forums.ivanti.com/s/article/CVE-2023-39338

CVSS V3.0

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 12, 2025
Vulnerability Reserved
Jul 28, 2023