Talk to an expert

Ivanti/MobileIron Sentry Authentication Bypass Vulnerability (CVE-2023-38035)

By Elliot Anderson | August 22, 2023

CVE-2023-38035 Threat Summary:

CVE-2023-38035 allows an unauthenticated attacker to access sensitive admin configuration APIs on versions 9.18 and prior of Ivanti Sentry over port 8443. These configuration APIs are then used by the MobileIron Configuration Service (MICS), which upon successful exploitation, could lead to remote code execution with root permissions and configuration changes to MICS.

Lumifi's Analysis:

Exploiting this vulnerability is only possible via internal access by a threat actor or if the MICS is configured on a port exposed to the internet. If the threat actor does not have access to this service initially, then this vulnerability can be chained with two other vulnerabilities in Ivanti Endpoint Manager Mobile (CVE-2023-35078 and CVE-2023-35081) to lead to the successful exploitation of this Ivanti Sentry authentication bypass.

Lumifi's Recommendations:

While the Lumifi content library contains many detections that would alert on a variety of theoretical attack paths that could spawn from this vulnerability, there currently isn't enough information regarding the exact mechanism of exploitation to reliably detect this vulnerability. As such, Lumifi recommends restricting access to Ivanti Sentry to a management network only IT administrators can access and ensure that the System Manager Portal (on port 8443 by default) is not exposed to external networks. Additionally, any vulnerable versions should be patched via the RPM scripts available on Ivanti's KB (https://forums.ivanti.com/s/article/KB-API-Authentication-Bypass-on-Sentry-Administrator-Interface-CVE-2023-38035?language=en_US).

By Elliot Anderson
Threat Name
Ivanti/MobileIron Sentry Authentication Bypass Vulnerability (CVE-2023-38035)
Share This

Subscribe for Exclusive Updates

Stay informed with the most recent updates, threat briefs, and useful tools & resources. You have the option to unsubscribe at any time.

🚨 New Webinar Alert! 🚨

Q2: SOC Quarterly Threat Briefing

🗓️ Date: July 24th, 2024
🕒 Time: 11 AM (PT)

Secure Your Spot!
Privacy PolicyTerms & ConditionsSitemapSafeHotline
magnifiercrossmenuchevron-down linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram