Unauthenticated Command Injection Vulnerability in Ivanti Sentry

CVE-2023-41724

8.8HIGH

Key Information

Vendor: Ivanti
Status: Sentry
Vendor: CVE Published:; 31 March 2024

Badges

📰 News Worthy

Summary

A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.

Affected Version(s)

Sentry <= 9.19.0

News Articles

Cyber Kendra

CVE-2023-41724

Ivanti Discloses Critical RCE Flaw in Standalone Sentry, Urges Immediate Patching - Cyber Kendra

Ivanti Discloses Critical RCE Flaw in Standalone Sentry, Urges Immediate Patching

6 months ago

Help Net Security

CVE-2023-41724CVE-2024-25153

Week in review: Ivanti fixes RCE vulnerability, Nissan breach affects 100,000 individuals - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Outsmarting cybercriminal innovation with strategies for

6 months ago

CybersecurityNews

CVE-2023-41724

CVE-2023-41724 Archives

Home About Us Contact US Privacy Policy Sign in Welcome! Log into your account ...

6 months ago

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: null to: 9.6 - (CRITICAL)
Mar 31, 2024
Vulnerability published.
Mar 31, 2024
First article discovered by Beeping Computers
Mar 20, 2024
Vulnerability Reserved.
Aug 31, 2023

Collectors

NVD DatabaseMitre Database10 News Article(s)