Unauthenticated Command Injection Vulnerability in Ivanti Sentry

CVE-2023-41724

8.8HIGH

Key Information

Vendor
Ivanti
Status
Sentry
Vendor
CVE Published:
31 March 2024

Badges

📰 News Worthy

Summary

A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.

Affected Version(s)

Sentry 9.19.0

News Articles

favicon imageCyber Kendra

Ivanti Discloses Critical RCE Flaw in Standalone Sentry, Urges Immediate Patching - Cyber Kendra

Ivanti Discloses Critical RCE Flaw in Standalone Sentry, Urges Immediate Patching

9 months ago

favicon imageHelp Net Security

Week in review: Ivanti fixes RCE vulnerability, Nissan breach affects 100,000 individuals - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Outsmarting cybercriminal innovation with strategies for

9 months ago

favicon imageCybersecurityNews

CVE-2023-41724 Archives

Home About Us Contact US Privacy Policy Sign in Welcome! Log into your account ...

9 months ago

References

https://forums.ivanti.com/s/article/CVE-2023-41724-Remote...

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • 📰

    First article discovered by Beeping Computers

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database10 News Article(s)
.