Warning: Critical Remote Code Execution Vulnerability For Ivanti Standalone Sentry Appliances
CVE-2023-41724: CVSS 9.6 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Sources
Risques
CVE-20241724 is a critical remote code execution (RCE) vulnerability affecting Ivanti Standalone Sentry.
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network. This would highly affect the confidentiality, integrity, and availability.
There is no available information yet about the vulnerabilities being exploited in the wild by threat actors.
Description
Ivanti Standalone Sentry is an appliance that acts as a gateway between devices and an organisation’s backend enterprise systems.
Ivanti has released security updates for a remote code execution vulnerability affecting Ivanti Standalone Sentry. This vulnerability affects all supported versions 9.17.0, 9.18.0, and 9.19.0. However, older versions are also at risk.
The successful exploitation of CVE-2024-41724, could enable an unauthenticated attacker on the same network as the affected system to execute arbitrary commands on the underlying system.
Actions recommandées
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organisations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
While patching appliances to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
Références
https://duo.com/decipher/ivanti-patches-critical-rce-standalone-sentry-flaw