#VU79810 Improper Authentication in MobileIron Sentry - CVE-2023-38035

Cybersecurity Help s.r.o.

Published: 2023-08-21 | Updated: 2024-05-13

Vulnerability identifier: #VU79810

Vulnerability risk: Critical

CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2023-38035

CWE-ID: CWE-287

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
MobileIron Sentry
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Ivanti

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to missing authentication on certain APIs. A remote attacker can send a specially crafted HTTP request to port 8443/TCP, bypass authentication process and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

MobileIron Sentry: before 9.16.0-3

External links
https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface?language=en_US
https://www.ivanti.com/blog/cve-2023-38035-vulnerability-affecting-ivanti-sentry
https://forums.ivanti.com/s/article/KB-API-Authentication-Bypass-on-Sentry-Administrator-Interface-CVE-2023-38035?language=en_US

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

Latest bulletins with this vulnerability

API authentication bypass in Ivanti Sentry