Ivanti has released security updates to address a high-severity vulnerability affecting its Standalone Sentry appliances.
Tracked as CVE-2023-41724, the flaw is an OS command injection issue that allows a remote unauthenticated attacker on the local network to execute arbitrary OS commands on the target system by passing specially crafted data to the application. The vulnerability impacts all supported versions (9.17.0, 9.18.0, and 9.19.0), as well as older releases.
Ivanti said that it is not aware of any exploitation attempts so far. However, given that threat actors are quick to weaponize vulnerabilities in Ivanti products, users are strongly advised to update their systems as soon as possible.
In January, cybersecurity firm Volexity reported that Chinese hackers had been exploiting two zero-day flaws impacting Ivanti's Connect Secure VPN and Policy Secure network access control (NAC) devices (CVE-2023-46805, CVE-2024-21887) to deploy malware. Another zero-day (CVE-2024-21893) was disclosed in Connect Secure and Policy Secure products at the end of January.
A month later, the US Cybersecurity and Infrastructure Security Agency (CISA) released a security advisory warning of ongoing exploitation of Ivanti product vulnerabilities (CVE-2023-46805, CVE-2024-21887, CVE-2024-21888 and CVE-2024-21893).
Ironically, the agency itself fell victim to a cyberattack exploiting vulnerabilities in Ivanti products. The breach impacted two critical systems within CISA's infrastructure, prompting immediate action to take them offline.
In addition, a financially motivated threat actor called “Magnet Goblin” has been observed targeting the Ivanti Connect Secure vulnerabilities to gain unauthorized access to victim networks.