Attackers Can Take Over Ivanti Sentry Without a Password

Ivanti patched a critical Sentry flaw that lets unauthenticated attackers execute code and gain full system control, requiring immediate updates.

Ivanti has released urgent security patches for two critical vulnerabilities in its Sentry product, a gateway used by enterprises to manage and secure traffic from mobile devices. The most severe of these flaws, tracked as CVE-2023-41724, earned a maximum severity score of 10.0. This vulnerability allows an unauthenticated attacker on the same local network to execute commands with root privileges, the highest level of access on a system. A second vulnerability, CVE-2023-41723, rated 9.6, could allow an attacker to write files onto the appliance. These flaws affect all supported versions of Ivanti Sentry, including 9.17, 9.18, and 9.19, putting a wide range of enterprise environments at risk. The company has stressed the importance of applying the new updates immediately to secure these systems against potential attacks.

The implications of these vulnerabilities are significant for any organization relying on Ivanti Sentry. A successful exploit of the primary flaw would give an attacker complete control over the Sentry appliance. Because this gateway sits at a crucial junction between mobile devices and the internal corporate network, a compromised device could serve as a powerful pivot point for broader attacks. An attacker could potentially intercept sensitive data, disrupt services, or move deeper into the company's network infrastructure. The fact that an attacker needs no prior authentication—no username or password—lowers the bar for exploitation considerably. This makes the threat more immediate and widespread, as any vulnerable, accessible system is a potential target.

While Ivanti has stated that it is not aware of any active exploitation of these vulnerabilities in the wild, the public disclosure of such critical flaws often precedes a wave of attacks from threat actors. Security teams should not wait for signs of an attack before taking action. The patches address the root causes of the vulnerabilities, and applying them is the most effective defense. This incident also serves as a reminder of the importance of network security best practices, such as segmentation, which can limit an attacker's ability to reach vulnerable systems even if they gain a foothold on the local network. For IT and security leaders, this event underscores the ongoing need for vigilant patch management, especially for internet-facing security appliances that act as the first line of defense.