Ivanti has acknowledged that attacks have taken advantage of a recently identified vulnerability affecting its Sentry mobile gateway.
On August 21, it was discovered that the vulnerability, identified as CVE-2023-38035 and classified as having “critical severity,” existed.
According to Ivanti, the flaw enables an unauthenticated attacker to “access some sensitive APIs that are used to configure Ivanti Sentry on the administrator portal”.
According to Mnemonic, the cybersecurity company that alerted Ivanti to the problem, a hacker could take advantage of the flaw to “read and write files to the Ivanti Sentry server and execute OS commands as system administrator (root) through use of’super user do’ (sudo)”.
Read More: Exploitation of Ivanti Sentry Zero-Day Confirmed
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.