Ivanti Sentry Authentication Bypass (CVE-2023-38035)
Description
Ivanti Sentry contains an authentication bypass vulnerability (CVE-2023-38035) in the administrator interface API that allows unauthenticated attackers to bypass authentication controls. This critical flaw enables remote attackers to gain unauthorized administrative access to the system without requiring valid credentials, effectively circumventing all authentication mechanisms designed to protect the administrator interface.
Remediation
Apply the vendor-provided security patch immediately. According to Ivanti's security advisory, affected versions (including 9.18.0 and earlier) require installation of a specific hotfix RPM script to remediate this vulnerability. Note: Simply upgrading to version 9.18.0 does NOT address this vulnerability.
Remediation steps:
1. Review the Ivanti security advisory (KB-API-Authentication-Bypass-on-Sentry-Administrator-Interface-CVE-2023-38035) to confirm your version is affected
2. Download the appropriate hotfix RPM script from Ivanti's support portal
3. Apply the hotfix following Ivanti's installation instructions
4. Verify the patch was successfully applied by checking the system version
5. Monitor system logs for any suspicious authentication attempts that may indicate prior exploitation
As a temporary mitigation until patching is complete, restrict network access to the Sentry administrator interface to trusted IP addresses only using firewall rules or network segmentation.