
A zero-day vulnerability at an American software company has been exploited again

  • August 25, 2023


The American company Ivanti confirms that a zero-day vulnerability in Sentry, its mobile gateway, has been exploited by hackers.

A zero-day vulnerability in Ivanti Sentry was exploited in several attacks, as the software company has now confirmed. Sentry is Ivanti’s mobile gateway that secures traffic between mobile devices and an organization’s back-end systems.

What is it

The vulnerability is tracked as CVE-2023-38035 and has a critical score of 9.8 on the CVSS scale. The US Cybersecurity and Infrastructure Security Agency has now added the zero-day to its list of vulnerabilities known to be actively exploited. The agency is asking all affected government organizations to apply the update by September 12 at the latest.

CVE-2023-38035 was reported to Ivanti by the cybersecurity company mnemonic. The zero-day allows attackers to read and write files on the Ivanti Sentry server. Attackers can also pose as administrators, execute operating system commands and change configurations.

No panic

Attacks only come through compromised APIs used to configure Sentry on the 8433 admin portal, Ivanti says. Despite the high CVSS score, according to the company, there is little risk for users who do not expose the portal to the Internet.

Meanwhile, Ivanti has also released a solution to fix the problem. There is a separate approach for the three different versions – 9.18, 9.17 and 9.16 – that the system supports.

Sentry’s foundation was laid three years ago with the acquisition of MobileIron. In 2021, Ivanti conducted another comprehensive study on the role of mobile devices in security.

Source: IT Daily
