Ivanti warned prospects to instantly patch a important severity Standalone Sentry vulnerability reported by NATO Cyber Safety Centre researchers.
Standalone Sentry is deployed as a corporation’s Kerberos Key Distribution Heart Proxy (KKDCP) server or as a gatekeeper for ActiveSync-enabled Trade and Sharepoint servers.
Tracked as CVE-2023-41724, the safety flaw impacts all supported variations and it permits unauthenticated dangerous actors throughout the similar bodily or logical community to execute arbitrary instructions in low-complexity assaults.
Ivanti additionally fixed a second important vulnerability (CVE-2023-46808) in its Neurons for ITSM IT service administration resolution that permits distant menace actors with entry to an account with low privileges to execute instructions “within the context of net software’s consumer.”
Whereas this patch has already been utilized to all Ivanti Neurons for ITSM Cloud landscapes, on-premises deployments are nonetheless susceptible to potential assaults.
The corporate added that it discovered no proof that these two safety vulnerabilities are being exploited within the wild.
“There’s a patch obtainable now by way of the usual obtain portal. We strongly encourage prospects to behave instantly to make sure they’re totally protected,” Ivanti said.
“We aren’t conscious of any prospects being exploited by this vulnerability on the time of disclosure.”
​Ivanti gadgets beneath assault
For the reason that begin of the 12 months, nation-state actors have exploited a number of Ivanti vulnerabilities as zero-days (i.e., CVE-2023-46805, CVE-2024-21887, CVE-2024-22024, and CVE-2024-21893) earlier than a variety of menace actors began leveraging them at a larger scale to deploy numerous customized malware strains.
Final month, over 13,000 Ivanti Join Safe and Coverage Safe endpoints were still vulnerable to assaults focusing on the identical safety bugs.
One month earlier, CISA issued this year’s first emergency directive ordering federal businesses to instantly safe their Ivanti Join Safe and Coverage Safe methods towards zero-day flaws focused in widespread assaults.
The U.S. cybersecurity company amended the emergency directive roughly two weeks later to order the businesses to disconnect all vulnerable Ivanti VPN appliances as quickly as attainable and rebuild them with patched software program earlier than bringing them again on-line.
A number of suspected Chinese language menace teams used one other Join Safe zero-day tracked as CVE-2021-22893 three years in the past to breach dozens of government, defense, and financial organizations throughout Europe and the USA.
