Ivanti is releasing an update for a critical vulnerability in Standalon Sentry reported by the NATO Cyber ​​​​Security Center.

Ivanti recently released a patch for a critical Standalone Sentry vulnerability reported by researchers at the NATO Cyber ​​​​Security Center. The vulnerability, designated CVE-2023-41724, affected all supporting versions of the software and allowed unauthenticated attackers to execute arbitrary commands within the same physical network. Additionally, Ivanti has addressed a second vulnerability in Neurons for ITSM, which Ivanti fixed.

Fixed vulnerabilities

The vulnerability, designated CVE-2023-41724, affected all supported versions of the software and allowed unauthenticated attackers to execute arbitrary commands within the same physical or logical network. Standalone Sentry is deployed as an organization’s Kerberos Key Distribution Center Proxy (KKDCP) server or as a gatekeeper for Exchange and Sharepoint servers with ActiveSync.

Ivanti also fixed a second vulnerability, this time in the IT service management solution Neurons for ITSM, called CVE-2023-46808. Remote threat actors could execute commands with access to a low-privilege account. Although this patch has already been applied to everything, on-premises deployments are still vulnerable to malicious attacks.

“A patch is now available through the standard download portal. We strongly encourage customers to act immediately to ensure they are fully protected,” says Ivanti. Although the above vulnerabilities have been addressed, it is important for anyone using an Ivanti gateway in their organization to remain vigilant. About a month ago, more than 13,000 Ivanti gateways were vulnerable to hackers.