Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability


Ivanti has disclosed details of a critical remote code execution flaw impacting Standalone Sentry, urging customers to apply the fixes immediately to stay protected against potential cyber threats.

Tracked as CVE-2023-41724, the vulnerability carries a CVSS rating of 9.6.

“An unauthenticated threat actor can execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network,” the company said.


The flaw impacts all supported versions 9.17.0, 9.18.0, and 9.19.0, as well as older versions. The company said it has made available a patch (versions 9.17.1, 9.18.1, and 9.19.1) that can be downloaded via the standard download portal.
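To triage an appliance inventory against the versions listed above, the following added example (not Ivanti's code or part of the original article) classifies each reported Sentry version. It assumes versions are reported as `X.Y.Z` and that later builds in a fixed branch also carry the fix; the hostnames and inventory are constructed.

```python
import re

# Fixed builds named in the article, keyed by (major, minor) release branch.
FIXED = {(9, 17): (9, 17, 1), (9, 18): (9, 18, 1), (9, 19): (9, 19, 1)}
OLDEST_SUPPORTED = min(FIXED)  # (9, 17)

# Order in which findings should be worked, worst first.
PRIORITY = ["vulnerable-unsupported", "vulnerable", "unparseable", "unknown", "patched"]


def parse_version(text):
    """Turn 'X.Y.Z' into a tuple of ints so 9.19.10 sorts after 9.19.1."""
    match = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text)
    if match is None:
        raise ValueError(f"not an X.Y.Z version: {text!r}")
    return tuple(int(part) for part in match.groups())


def triage(version_text):
    """Classify one reported Sentry version against CVE-2023-41724."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparseable"
    branch = version[:2]
    if branch in FIXED:
        # Assumption: any build at or above the fixed one in its branch is patched.
        return "patched" if version >= FIXED[branch] else "vulnerable"
    if branch < OLDEST_SUPPORTED:
        # Older releases are affected and the article lists no fix for them.
        return "vulnerable-unsupported"
    return "unknown"  # newer branch than the article covers; check the advisory


def report(inventory):
    """Return (host, version, status) rows sorted worst first, then by host."""
    rows = [(host, ver, triage(ver)) for host, ver in inventory.items()]
    return sorted(rows, key=lambda row: (PRIORITY.index(row[2]), row[0]))


# Constructed sample inventory; hostnames and versions are invented.
INVENTORY = {
    "sentry-dmz-01": "9.18.0",
    "sentry-dmz-02": "9.19.1",
    "sentry-lab-01": "9.16.3",
    "sentry-hq-01": "9.19.10",
    "sentry-old-cmdb": "9.x",
}

if __name__ == "__main__":
    for host, ver, status in report(INVENTORY):
        print(f"{host:16} {ver:8} {status}")
```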

It credited Vincent Hutsebaut, Pierre Vivegnis, Jerome Nokin, Roberto Suggi Liverani and Antonin B. of NATO Cyber Security Centre for “their collaboration on this issue.”

Ivanti emphasized that it isn’t aware of any customers affected by CVE-2023-41724, and added that “threat actors without a valid TLS client certificate enrolled through EPMM cannot directly exploit this issue on the internet.”

Recently disclosed security flaws in Ivanti software have been subject to exploitation by at least three different suspected China-linked cyber espionage clusters tracked as UNC5221, UNC5325, and UNC3886, according to Mandiant.

The development comes as SonarSource revealed a mutation cross-site scripting (mXSS) flaw impacting an open-source email client called Mailspring aka Nylas Mail (CVE-2023-47479) that could be exploited to bypass sandbox and Content Security Policy (CSP) protections and achieve code execution when a user replies to or forwards a malicious email.


“mXSS takes advantage of that by providing a payload that seems innocent initially when parsing (during the sanitization process) but mutates it to a malicious one when re-parsing it (in the final stage of displaying the content),” security researcher Yaniv Nizry said.

