Unauthenticated Command Injection Vulnerability in Ivanti Sentry
CVE-2023-41724

8.8 HIGH

Key Information:

Vendor
Ivanti
Status
Vendor
CVE Published:
31 March 2024

Badges

📰 News Worthy

Summary

The command injection vulnerability in Ivanti Sentry prior to version 9.19.0 poses a significant risk by allowing unauthenticated threat actors to execute arbitrary commands on the underlying operating system of the appliance. This vulnerability can be exploited from within the same physical or logical network, leading to potential unauthorized access and system compromise. It is essential for organizations using Ivanti Sentry to apply necessary updates and follow security best practices to mitigate risks associated with this vulnerability.

Affected Version(s)

Sentry 9.19.0

News Articles

Ivanti Discloses Critical RCE Flaw in Standalone Sentry, Urges Immediate Patching - Cyber Kendra

10 months ago

Week in review: Ivanti fixes RCE vulnerability, Nissan breach affects 100,000 individuals - Help Net Security

Here's an overview of some of last week's most interesting news, articles, interviews and videos: Outsmarting cybercriminal innovation with strategies for

11 months ago

CVE-2023-41724 Archives

11 months ago

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • 📰

    First article discovered by Beeping Computers

  • Vulnerability Reserved
