Ivanti warned customers to immediately patch a critical severity Standalone Sentry vulnerability reported by NATO Cyber Security Centre researchers.
Standalone Sentry is deployed as an organization's Kerberos Key Distribution Center Proxy (KKDCP) server or as a gatekeeper for ActiveSync-enabled Exchange and Sharepoint servers.
Tracked as CVE-2023-41724, the security flaw impacts all supported versions and allows unauthenticated bad actors within the same physical or logical network to execute arbitrary commands in low-complexity attacks.
Ivanti also fixed a second critical vulnerability (CVE-2023-46808) in its Neurons for ITSM IT service management solution that enables remote threat actors with access to an account with low privileges to execute commands “in the context of web application’s user.”
While this patch has already been applied to all Ivanti Neurons for ITSM Cloud landscapes, on-premises deployments are still vulnerable to potential attacks.
The company added that it found no evidence that these two security vulnerabilities are being exploited in the wild.
“There’s a patch available now via the standard download portal. We strongly encourage customers to act immediately to ensure they’re fully protected,” Ivanti said.
“We aren’t aware of any customers being exploited by this vulnerability at the time of disclosure.”
Ivanti devices under attack
Since the start of the year, nation-state actors have exploited multiple Ivanti vulnerabilities as zero-days (i.e., CVE-2023-46805, CVE-2024-21887, CVE-2024-22024, and CVE-2024-21893) before a wide range of threat actors started leveraging them at a larger scale to deploy various custom malware strains.
Last month, over 13,000 Ivanti Connect Secure and Policy Secure endpoints were still vulnerable to attacks targeting the same security bugs.
One month earlier, CISA issued this year’s first emergency directive ordering federal agencies to immediately secure their Ivanti Connect Secure and Policy Secure systems against zero-day flaws targeted in widespread attacks.
The U.S. cybersecurity agency amended the emergency directive roughly two weeks later to order the agencies to disconnect all vulnerable Ivanti VPN appliances as soon as possible and rebuild them with patched software before bringing them back online.
Several suspected Chinese threat groups used another Connect Secure zero-day tracked as CVE-2021-22893 three years ago to breach dozens of government, defense, and financial organizations across Europe and the US.