This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.WEB_APPLICATION_SCANNING_114356Ivanti Sentry Authentication Bypass
8.1 High
AI Score
Confidence
Low
Ivanti Sentry, formerly known as MobileIron Sentry, is vulnerable to an API authentication bypass on the Sentry administrator interface. A remote and unauthenticated attacker can leverage this vulnerability to gain access to sensitive APIs and achieve OS command execution as the root user on the vulnerable instance.
No source dataReferences
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38035
packetstormsecurity.com/files/174643/Ivanti-Sentry-Authentication-Bypass-Remote-Code-Execution.html
forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface
forums.ivanti.com/s/article/KB-API-Authentication-Bypass-on-Sentry-Administrator-Interface-CVE-2023-38035?language=en_US
www.horizon3.ai/attack-research/attack-blogs/ivanti-sentry-authentication-bypass-cve-2023-38035-deep-dive/
8.1 High
AI Score
Confidence
Low