CVE-2023-41724
published 2024-03-31


Priority: P1 · 82 · high
CVSS 3.1: 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 12.84% (95.8th percentile)

A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows an unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.

Affected

2 ranges
Vendor | Product | Version range | Fixed in
ivanti | sentry | 9.19.0 – 9.19.0 |
ivanti | standalone_sentry | < 9.19.0 | 9.19.0

Detection & IOCs (extracted from sources)

  • The vulnerability is a command injection (CWE-77/CWE-94) in Ivanti Sentry's administrator web interface, exploitable by unauthenticated attackers on the same physical or logical network (adjacent network). Detection should focus on unexpected OS command execution originating from the Sentry appliance process.
  • The vulnerability only affects Ivanti Sentry versions prior to 9.19.0; version 9.19.0 and later are patched. Ensure appliances are confirmed to be on a vulnerable version before triaging alerts.
  • Exploitation requires the attacker to be within the same physical or logical network as the Sentry appliance; remote internet-based exploitation is not possible without prior network access.

CVSS provenance

Source | CVSS version | Score | Severity | Vector
nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v3.0 | 9.6 | CRITICAL | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
vulncheck | | 8.8 | HIGH |