Ivanti has disclosed particulars of a crucial distant code execution flaw impacting Standalone Sentry, urging prospects to use the fixes instantly to remain protected in opposition to potential cyber threats.
Tracked as CVE-2023-41724, the vulnerability carries a CVSS rating of 9.6.
“An unauthenticated risk actor can execute arbitrary instructions on the underlying working system of the equipment throughout the identical bodily or logical community,” the corporate mentioned.
The flaw impacts all supported variations 9.17.0, 9.18.0, and 9.19.0, in addition to older variations. The corporate mentioned it has made accessible a patch (variations 9.17.1, 9.18.1, and 9.19.1) that may be downloaded through the usual obtain portal.
It credited Vincent Hutsebaut, Pierre Vivegnis, Jerome Nokin, Roberto Suggi Liverani and Antonin B. of NATO Cyber Safety Centre for “their collaboration on this concern.”
Ivanti emphasised that it isn’t conscious of any prospects affected by CVE-2023-41724, and added that “risk actors and not using a legitimate TLS shopper certificates enrolled via EPMM can not immediately exploit this concern on the web.”
Just lately disclosed security flaws in Ivanti software program have been topic to exploitation by a minimum of three totally different suspected China-linked cyber espionage clusters tracked as UNC5221, UNC5325, and UNC3886, in accordance with Mandiant.
The event comes as SonarSource revealed a mutation cross-site scripting (mXSS) flaw impacting an open-source e mail shopper known as Mailspring aka Nylas Mail (CVE-2023-47479) that might be exploited to bypass sandbox and Content material Safety Coverage (CSP) protections and obtain code execution when a consumer replies to or forwards a malicious e mail.
“mXSS takes benefit of that by offering a payload that appears harmless initially when parsing (throughout the sanitization course of) however mutates it to a malicious one when re-parsing it (within the ultimate stage of displaying the content material),” security researcher Yaniv Nizry mentioned.
