Ivanti has disclosed details of a critical remote code execution flaw affecting Standalone Sentry, urging customers to apply the fix immediately to protect against potential cyber threats.
Tracked as CVE-2023-41724the vulnerability has a CVSS score of 9.6.
“An unauthenticated threat actor could execute arbitrary commands on the underlying operating system of a device within the same physical or logical network,” the company said.
This flaw affects all supported versions 9.17.0, 9.18.0 and 9.19.0 as well as older versions. The company said it has made a patch available (versions 9.17.1, 9.18.1 and 9.19.1), which can be downloaded through the standard download portal.
It commended Vincent Hutsebaut, Pierre Vivegnis, Jerome Nokin, Roberto Suggi Liverani and Antonin B. of the NATO Cyber Security Center for their “collaboration on this issue.”
Ivanti stressed that it was not aware of any customers being affected by CVE-2023-41724, adding that “threat actors without a valid TLS client certificate registered with EPMM would not be able to exploit this issue directly on the Internet.”
According to Mandiant, the recently disclosed Ivanti software security vulnerability has been exploited by at least three different cyber espionage clusters suspected of being linked to China, namely UNC5221, UNC5325 and UNC3886.
This development comes as SonarSource revealed a mutated cross-site scripting (mXSS) flaw affecting the open source email client called Mailspring aka Nylas Mail (CVE-2023-47479), which can be exploited to bypass Sandboxing and Content Security Policy (CSP) protect code execution when users reply to or forward malicious emails.
“mXSS exploits this by serving up a payload that initially appears innocent when parsed (during the sanitization process), but mutates it into a malicious payload when re-parsed (during the final stage of displaying the content),” said security researcher Yaniv Nizry said.
