=================================================================== CERT-Renater Note d'Information No. 2023/VULN281 _____________________________________________________________________ DATE : 31/08/2023 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Ivanti MobileIron Sentry Sentry versions up to and including 9.18.0. ====================================================================https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface _____________________________________________________________________ CVE-2023-38035 – API Authentication Bypass on Sentry Administrator Interface Primary Product Created Date Aug 21, 2023 2:00:00 PM Last Modified Date Aug 21, 2023 2:06:34 PM A vulnerability has been discovered in Ivanti Sentry, formerly known as MobileIron Sentry. This vulnerability impacts versions 9.18 and prior. The vulnerability does not impact other Ivanti products, such as Ivanti EPMM or Ivanti Neurons for MDM. If exploited, this vulnerability enables an unauthenticated actor to access some sensitive APIs that are used to configure the Ivanti Sentry on the administrator portal (port 8443, commonly MICS). While the issue has a high CVSS score, there is a low risk of exploitation for customers who do not expose port 8443 to the internet. Successful exploitation can be used to change configuration, run system commands, or write files onto the system. Ivanti recommends that customers restrict access to MICS to internal management networks and not expose this to the internet. As of now, we are only aware of a limited number of customers impacted by CVE-2023-38035. CVE Description CVSS Vector CVE-2023-38035 A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. 9.8 CVSS:3.1/ AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Upon learning of the vulnerability, we immediately mobilized resources to fix the problem and have RPM scripts available now for supported versions. Each script is customized for a single version. Please note: If the wrong RPM script is applied it may prevent the vulnerability from being remediated or cause system instability. Read this Knowledge Base article for detailed information on how to access and apply the remediations. If you have questions or require further support, please log a case and/or request a call in the Success Portal. Ivanti would like to thank mnemonic for their assistance in identifying this vulnerability. Customers and partners can be automatically notified of changes by subscribing to updates on this document using the ‘View Articles / Follow’ button above. Note: this requires a login to the Ivanti Community portal. Article Number : 000087498 Article Promotion Level Normal ========================================================+ CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =======================================================