Critical Ivanti Sentry Vulnerability Under Active Exploitation

A critical vulnerability in Ivanti Sentry (MobileIron Sentry) is being actively exploited in the wild. The vulnerability is an authentication bypass issue and is tracked as CVE-2023-38035. The vulnerability has been assigned a CVSS v3.1 base score of 9.8 out of 10 and affects version 9.18 and earlier versions.

The endpoint management product is used to manage, encrypt, and secure traffic between mobile devices and back-end enterprise systems. If exploited, an unauthenticated attacker can access sensitive APIs that are used to configure Ivanti Sentry on the administrator panel (port 8443, commonly MICS). If successfully exploited, an attacker could run system commands as administrator, change the configuration, and write files to the system.

The vulnerability was discovered by researchers at Mnemonic. According to Ivanti, the biggest risk is for customers that expose port 8443 to the Internet. If customers restrict access to MICS to internal management networks, Avanti says there is a low risk of exploitation; however, it would be possible to chain this vulnerability with two other recently disclosed flaws – CVE-2023-35078 and CVE-2023-35081 – in the Ivanti Endpoint Manager Mobile (EPMM) when port 8443 is not exposed to the Internet since the admin panel is used to communicate with the Ivanti EPMM server.

Ivanti explained in its security update that it has released RPM scripts for all supported Ivanti Sentry versions. Ivanti has warned that applying the wrong script may result in system vulnerability or could prevent the vulnerability from being remediated, so users should carefully read the advisory and follow the instructions for accessing and applying the remediations.

Ivanti Sentry administrators should ensure the vulnerability is remediated as soon as possible to prevent exploitation.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of