

Rewterz Threat Alert – Forged Google Sites Being Used by Threat Actors to Deliver AZORult Malware – Active IOCs
March 22, 2024
Rewterz Threat Update – United Arab Emirates at Risk of Heightened Cyber Threats
March 22, 2024
Severity
High
Analysis Summary
Ivanti, a software company, recently disclosed a critical remote code execution vulnerability affecting Standalone Sentry, urging immediate application of fixes to protect against potential cyber threats.
Tracked as CVE-2023-41724, this flaw has a CVSS score of 9.6. An unauthenticated threat actor on the same network as the appliance can exploit it to execute arbitrary commands on the appliance's underlying operating system. All supported versions, including 9.17.0, 9.18.0, and 9.19.0, as well as older versions, are impacted. Ivanti has released patches (versions 9.17.1, 9.18.1, and 9.19.1), which can be downloaded through the standard portal.
Ivanti said it is not aware of any affected customers, and noted that threat actors without a valid TLS client certificate enrolled through EPMM cannot directly exploit this issue over the internet. However, according to Mandiant, there have been recent instances of Ivanti software flaws being exploited by the suspected China-linked cyber espionage groups UNC5221, UNC5325, and UNC3886.
In another security development, SonarSource highlighted a mutation cross-site scripting (mXSS) flaw (CVE-2023-47479) affecting the open-source email client Mailspring, also known as Nylas Mail. The flaw allows sandbox and Content Security Policy (CSP) protections to be bypassed, leading to code execution when a user replies to or forwards a malicious email. Security researchers explained that mXSS relies on a payload that appears innocent when it is first parsed but mutates into a malicious one when it is re-parsed, exploiting vulnerabilities during the content display stage.
Both Ivanti’s critical vulnerability and the mXSS flaw reported by SonarSource underscore the ongoing challenges in securing software systems against evolving cyber threats. Prompt application of patches and proactive security measures are crucial in mitigating the risks associated with such vulnerabilities and in ensuring overall system integrity and user safety. Collaboration between security researchers, software vendors, and cybersecurity experts remains essential in identifying, addressing, and preventing potential exploits and attacks.
Impact
- Code Execution
- Cyber Espionage
Indicators Of Compromise
CVE
- CVE-2023-41724
Affected Vendors
Ivanti
Affected Products
- Ivanti Standalone Sentry
Remediation
- Refer to the Ivanti website for patch, upgrade, or suggested workaround information.
- Implement multi-factor authentication to add an extra layer of security to login processes.
- Regularly monitor network activity for any unusual behavior, as this may indicate that a cyberattack is underway.
- Organizations need to stay vigilant and follow best practices for cybersecurity to protect their systems and data from potential threats. This includes regularly updating software and implementing strong access controls and monitoring tools.
- Develop a comprehensive incident response plan to respond effectively in case of a security breach or data leakage.
- Maintain regular backups of critical data and systems to ensure data recovery in case of a security incident.
- Adhere to security best practices, including the principle of least privilege, and ensure that users and applications have only the necessary permissions.
- Establish a robust patch management process to ensure that security patches are evaluated, tested, and applied promptly.
- Conduct security audits and assessments to evaluate the overall security posture of your systems and networks.
- Implement network segmentation to contain and isolate potential threats to limit their impact on critical systems.
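The affected and fixed Standalone Sentry versions listed in the analysis above can be turned into an inventory check. The following is an added example, not code from Rewterz or Ivanti; it assumes each appliance reports a plain `x.y.z` version string, and the hostnames and inventory are constructed.

```python
"""Triage Standalone Sentry versions against the releases named in this advisory."""
import re

# Fixed releases from the advisory, keyed by (major, minor) branch.
FIXED = {(9, 17): (9, 17, 1), (9, 18): (9, 18, 1), (9, 19): (9, 19, 1)}
OLDEST_FIXED_BRANCH = min(FIXED)


def parse_version(text):
    """Return (major, minor, patch), or None when the string is not a clean x.y.z."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text)
    return tuple(int(p) for p in m.groups()) if m else None


def triage(version_text):
    """Classify one reported version for CVE-2023-41724."""
    v = parse_version(version_text)
    if v is None:
        return "unknown: unparseable version, verify manually"
    branch = v[:2]
    if branch in FIXED:
        if v >= FIXED[branch]:
            return "patched"
        fix = ".".join(map(str, FIXED[branch]))
        return f"vulnerable: upgrade to {fix}"
    if branch < OLDEST_FIXED_BRANCH:
        # Advisory: older versions are impacted; no per-branch fix is listed for them.
        return "vulnerable: older branch, move to a fixed release"
    # Branch newer than anything the advisory names: do not assume either way.
    return "unknown: branch not covered by this advisory"


def triage_inventory(inventory):
    """Map {hostname: version string} to {hostname: verdict}."""
    return {host: triage(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = {
    "sentry-a.example.internal": "9.17.0",
    "sentry-b.example.internal": "9.18.1",
    "sentry-c.example.internal": "9.12.0",
    "sentry-d.example.internal": "9.20.0",
    "sentry-e.example.internal": "9.19",
}

if __name__ == "__main__":
    for host, verdict in triage_inventory(SAMPLE).items():
        print(f"{host:28} {verdict}")
```

Versions the check cannot classify are reported as unknown rather than patched, so they stay on the list for manual verification.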