CVE-2023-38035 : A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versio

A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.

Published 2023-08-21 17:15:47

Updated 2024-12-20 17:50:26

Source HackerOne

View at NVD, CVE.org

Products affected by CVE-2023-38035

Ivanti » Mobileiron Sentry
Versions up to, including, (<=) 9.18.0
cpe:2.3:a:ivanti:mobileiron_sentry:*:*:*:*:*:*:*:*
Matching versions

CVE-2023-38035 is in the CISA Known Exploited Vulnerabilities Catalog

This issue is known to have been leveraged as part of a ransomware campaign.

CISA vulnerability name:

Ivanti Sentry Authentication Bypass Vulnerability

CISA required action:

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CISA description:

Ivanti Sentry, formerly known as MobileIron Sentry, contains an authentication bypass vulnerability that may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.

Notes:

https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2023-38035

Added on 2023-08-22 Action due date 2023-09-12

Exploit prediction scoring system (EPSS) score for CVE-2023-38035

EPSS FAQ

94.44%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 100 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2023-38035

Ivanti Sentry MICSLogService Auth Bypass resulting in RCE (CVE-2023-38035)

Disclosure Date: 2023-08-21

First seen: 2023-10-08

exploit/linux/http/ivanti_sentry_misc_log_service

This module exploits an authentication bypass in Ivanti Sentry which exposes API functionality which allows for code execution in the context of the root user. Authors: - Zach Hanley - James Horseman - jheysel-r7

More information

CVSS scores for CVE-2023-38035

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	134c704f-9b21-4f2e-91b3-4a467353bcc0	2024-08-01
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST	2024-06-27
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-38035

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)

References for CVE-2023-38035

https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface

CVE-2023-38035 – API Authentication Bypass on Sentry Administrator Interface
Vendor Advisory
http://packetstormsecurity.com/files/174643/Ivanti-Sentry-Authentication-Bypass-Remote-Code-Execution.html

Ivanti Sentry Authentication Bypass / Remote Code Execution ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2023-38035