Ivanti Releases Fix for Authentication Bypass Vulnerability
Ivanti has released a patch to address an API authentication bypass vulnerability affecting the Ivanti Sentry administrator interface. The flaw affects all supported versions (9.18, 9.17, and 9.16) of Ivanti Sentry, previously known as MobileIron Sentry; older, unsupported versions may also be vulnerable. The vulnerability can be exploited to modify Sentry configurations.
Ivanti's MobileIron products continue to be under scrutiny for bugs, and to their credit, Ivanti is fixing them quickly. Ivanti Sentry acts as a gateway for ActiveSync and can also serve as a Kerberos Key Distribution Center Proxy (KKDCP), meaning it is a critical control point through which data and Kerberos tickets flow to your mobile device fleet. The flaw, CVE-2023-38035 (authentication bypass, CVSS 9.8), lies in the configuration APIs of the MobileIron Configuration Service (MICS), the System Manager portal that listens on port 8443. Make sure MICS on port 8443 is NOT exposed to the Internet, restrict access to it internally as well, and get the patch deployed.
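A quick way to act on the "is 8443 exposed?" question, as an added example that is not Ivanti tooling or code from the original article: the script below attempts a TCP handshake to port 8443 on each host you give it and reports which ones answer from the vantage point it runs on. Run it from outside your perimeter (a throwaway cloud VM, for instance) to confirm the MICS portal is not Internet-facing, and again from internal segments that should not have admin access. The host names in it are constructed placeholders; reachability is a network finding, not proof of vulnerability, but a reachable MICS port from the Internet is a finding in itself.

```python
"""Probe whether Ivanti Sentry's System Manager portal (MICS, TCP 8443) is
reachable from wherever this runs.  Added example, not Ivanti tooling."""
import socket
import sys

MICS_PORT = 8443  # Sentry System Manager / MICS listens here


def port_reachable(host: str, port: int = MICS_PORT, timeout: float = 3.0) -> bool:
    """True if a TCP handshake to host:port completes within timeout.

    Any OSError (refused, timed out, unresolvable name, filtered) counts as
    not reachable from this vantage point.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def exposed_hosts(hosts, port: int = MICS_PORT, timeout: float = 3.0) -> list:
    """Return the subset of hosts whose MICS port answers from here."""
    return [h for h in hosts if port_reachable(h, port, timeout)]


def local_listener_check() -> bool:
    """Offline sanity check of port_reachable: bind an ephemeral localhost
    listener and confirm the probe sees it, then close it and confirm the
    same port is reported as unreachable."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        open_port = srv.getsockname()[1]
        seen_open = port_reachable("127.0.0.1", open_port, timeout=1.0)
    # Listener is closed now; a fresh connect should be refused.
    seen_closed = port_reachable("127.0.0.1", open_port, timeout=1.0)
    return seen_open and not seen_closed


if __name__ == "__main__":
    # Constructed placeholder names; pass your real Sentry hosts/IPs as arguments.
    sentry_hosts = sys.argv[1:] or ["sentry.example.com", "sentry-dr.example.com"]
    for host in exposed_hosts(sentry_hosts):
        print(f"{host}:{MICS_PORT} reachable from this vantage point -> block it")
```

Usage: `python3 check_mics.py sentry1.corp.example sentry2.corp.example`. An empty result from an external vantage point is what you want; any host listed there should be firewalled off before, not after, the patch window.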
This is a double-edged issue: a critical component (MDM) from a manufacturer that was at one point the leader in the MDM space, combined with API authentication flaws, which are very common in web applications. It makes a good case study: an attacker who gets into your MDM has access to plenty of your infrastructure from which to continue, and can even deploy their own backdoors to the managed devices.
Read more in
Bleeping Computer: Ivanti warns of new actively exploited MobileIron zero-day bug