An API Authentication Bypass vulnerability (CVE-2023-38035) has been identified in Ivanti Sentry MICS Admin Portal, allowing access to the administrator interface in Ivanti Sentry versions 9.18. 9.17 and 9.16.
Versions prior to this remain at risk.
Exploitation of this vulnerability may allow an actor to gain unauthorised access to the administrator portal and change configuration, run commands and write to the filesystem.
Ivanti says it is aware of a limited number of customers impacted by CVE-2023-38035. The ACSC is not aware of any successful exploitation attempts against Australian organisations.
Mitigation / How do I stay secure?
Australian organisations using Ivanti Sentry version 9.18.0 or earlier should review their patch status and update their software to the latest version.
Ivanti has released a security advisory and a hotfix for affected devices.
Assistance / Where can I go for help?
The ACSC is monitoring the situation and is able to provide assistance and advice as required.
Organisations or individuals that have been impacted or require assistance can call 1300 CYBER1 (1300 292 371) for assistance.