Ivanti, a software vendor, has unveiled a critical remote code execution flaw affecting Standalone Sentry, prompting urgent action from customers to apply patches for protection against potential cyber threats. Tracked as CVE-2023-41724, this vulnerability boasts a high CVSS score of 9.6, posing significant risks to affected systems by allowing unauthenticated threat actors to execute arbitrary commands within the network. The flaw impacts various supported versions, including 9.17.0, 9.18.0, and 9.19.0, necessitating immediate deployment of patches (versions 9.17.1, 9.18.1, and 9.19.1) provided by Ivanti.
Ivanti has credited Vincent Hutsebaut, Pierre Vivegnis, Jerome Nokin, Roberto Suggi Liverani, and Antonin B. from NATO Cyber Security Centre for their collaboration in identifying and addressing the issue. Despite Ivanti’s reassurance that no customers have been affected by CVE-2023-41724, the company emphasizes the importance of proactive mitigation measures due to potential risks. Furthermore, Ivanti highlights the inability of threat actors without valid TLS client certificates to exploit the flaw directly over the internet, adding an additional layer of protection.
In light of recent disclosures, Ivanti’s security flaws have become targets for exploitation by suspected China-linked cyber espionage clusters, including UNC5221, UNC5325, and UNC3886, as reported by Mandiant. This underscores the urgency for organizations to swiftly apply patches and reinforce their security posture against evolving cyber threats. The revelation of vulnerabilities in Ivanti software coincides with SonarSource’s disclosure of a mutation cross-site scripting (mXSS) flaw in the open-source email client Mailspring, further highlighting the persistent and diverse nature of cybersecurity challenges faced by organizations.
