Security vendor Ivanti has urged customers to urgently remediate a newly discovered zero-day vulnerability in its Ivanti Sentry product. Formerly known as MobileIron Sentry, Ivanti Sentry is a secure mobile gateway designed to manage, encrypt and secure traffic traveling between employee devices and back-end corporate systems. A new advisory published by the vendor yesterday revealed that the CVSS 9.8-rated bug (CVE-2023-38035) affects versions 9.18 and earlier of the product. “If exploited, this vulnerability enables an unauthenticated actor to access some sensitive APIs that are used to configure the Ivanti Sentry on the administrator portal (port 8443, commonly MICS). While the issue has a high CVSS score, there is a low risk of exploitation for customers who do not expose port 8443 to the internet,” it claimed.
