This alert has been written for organisations using Ivanti Sentry software.
Background / What has happened?
An API Authentication Bypass vulnerability (CVE-2023-38035) has been identified in the Ivanti Sentry MICS Admin Portal, allowing access to the administrator interface in Ivanti Sentry versions 9.18 or below.
Exploitation of this vulnerability may allow an actor to gain unauthorised access to the administrator portal and change configuration, run commands and write to the filesystem.
Ivanti are aware of a limited number of customers impacted by CVE-2023-38035. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is not aware of any successful exploitation attempts against Australian organisations.
Mitigation / How do I stay secure?
Australian organisations using Ivanti Sentry version 9.18.0 or earlier should review their patch status and update their software to the latest version. Ivanti have released a security advisory and a hotfix for affected devices.
Assistance / Where can I go for help?
The ASD’s ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations or individuals that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).