Vulnerabilities

CVE-2023-46808 and CVE-2023-41724 Ivanti Neurons for ITSM and Ivanti Standalone Sentry | Critical Insight

Written by Critical Insight | Mar 21, 2024 9:08:00 PM

This advisory is for organizations that use Ivanti Neurons for ITSM (IT Service Management) and Ivanti Standalone Sentry as a Kerberos Key Distribution Proxy server.  If your organization does not use these Ivanti products, this notification may be discarded.

Summary

Ivanti has released patches to address vulnerabilities in Neurons for ITSM and Standalone Sentry platforms.  The vulnerability in Neurons could allow an authenticated remote attacker to perform file writes and command execution in the “context of web application’s user.” 

The Standalone Sentry platform vulnerability could allow an unauthenticated attacker to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.

Cloud versions of these platforms have already been updated.

CVE-2023-46808 – Authenticate Remote File Write for Ivanti Neurons for ITSM

                CVSSv3: 9.9

CVE-2023-41724 – Remote Code Execution for Ivanti Standalone Sentry

               CVSSv3 9.6               

Affected Platforms

Ivanti Neurons for ITSM (2023.3, 2023.2 and 2023.1). Unsupported versions are also at risk,

Ivanti Standalone Sentry supported versions 9.17.0, 9.18.0, and 9.19.0. Older versions are also at risk.

Mitigations

Patches are available at the standard download portal.

Additional Resources

https://www.bleepingcomputer.com/news/security/ivanti-fixes-critical-standalone-sentry-bug-reported-by-nato/

https://thehackernews.com/2024/03/ivanti-releases-urgent-fix-for-critical.html

https://forums.ivanti.com/s/article/CVE-2023-41724-Remote-Code-Execution-for-Ivanti-Standalone-Sentry?language=en_US

https://forums.ivanti.com/s/article/SA-CVE-2023-46808-Authenticated-Remote-File-Write-for-Ivanti-Neurons-for-ITSM?language=en_US