An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access
The vulnerability consists of bypassing the authentication mechanism (CWE-288), which means that an attacker can gain access to protected resources without going through the required identity verification procedures. An attacker can remotely, without possessing any credentials, invoke administrative functions of the Ivanti Sentry system. As a result, it is possible to create new accounts with administrator privileges, resulting in full takeover of the device.
Attackers gain full administrative access to the Ivanti Sentry system, which includes high confidentiality, integrity, and availability of resources. This can lead to complete compromise of the infrastructure managed by Ivanti Sentry, including data transmitted through the device.
Ivanti Sentry must be immediately updated to version R10.5.2, R10.6.2, or R10.7.1 (depending on the product branch in use). Details are available in the official Ivanti security bulletin at the address indicated in the references.
Ivanti Sentry in versions earlier than R10.5.2, R10.6.2, and R10.7.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HIvanti Standalone Sentry
APPIvanti10.7.0< 10.5.210.6.0 – 10.6.2 (bez)
Related vulnerabilities
RCE poprzez OS Command Injection w Ivanti Sentry (nieuwierzytelniony dostęp root)
Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local authenticated ...
A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to exec...
Krytyczny code injection w Ivanti Endpoint Manager Mobile (RCE bez uwierzytelnienia)
Code injection w Ivanti EPMM umożliwiający nieuwierzytelniony RCE