CVE-2023-41724
Published 2024-03-31
CVE-2023-41724: A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows an unauthenticated threat actor to execute arbitrary commands on the underlying…
Priority P182 · high · 8.8 (CVSS 3.1)
AV:A · AC:L · PR:N · UI:N · S:U · C:H · I:H · A:H
ITW · VulnCheck KEV
Exploited in the wild
EPSS: 12.84% (95.8th percentile)
A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows an unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | sentry | 9.19.0 – 9.19.0 | — |
| ivanti | standalone_sentry | < 9.19.0 | 9.19.0 |
Detection & IOCs (extracted from sources)
- The vulnerability is a command injection (CWE-77/CWE-94) in Ivanti Sentry's administrator web interface, exploitable by unauthenticated attackers on the same physical or logical network (adjacent network). Detection should focus on unexpected OS command execution originating from the Sentry appliance process.
- Vulnerability only affects Ivanti Sentry versions prior to 9.19.0; version 9.19.0 and later are patched. Ensure appliances are confirmed to be on a vulnerable version before triaging alerts.
- Exploitation requires the attacker to be within the same physical or logical network as the Sentry appliance; remote internet-based exploitation is not possible without prior network access.
CVSS provenance
- nvd · v3.1 · 8.8 HIGH · CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- nvd · v3.0 · 9.6 CRITICAL · CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- vulncheck · 8.8 HIGH
GHSA
GHSA-6mj7-m8r8-g28v: A command injection vulnerability in Ivanti Sentry prior to 9
ghsa_unreviewed·2024-03-31
CVE-2023-41724 [CRITICAL] CWE-77 GHSA-6mj7-m8r8-g28v: A command injection vulnerability in Ivanti Sentry prior to 9
A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows an unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.
VulnCheck
Ivanti Sentry Improper Neutralization of Special Elements used in a Command ('Command Injection')
vulncheck·2023·CVSS 8.8
CVE-2023-41724 [HIGH] Ivanti Sentry Improper Neutralization of Special Elements used in a Command ('Command Injection')
A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows an unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.
Affected: Ivanti Sentry
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.trustwave.com/hubfs/Web/Library/Documents_pdf/2024_Trustwave_Public_Sector_Threat_Landscape.pdf
Ivanti
Ivanti Security Advisory: CVE-2023-41724
vendor_ivanti·2024-03-31·CVSS 8.8
CVE-2023-41724 [HIGH] CWE-77 Ivanti Security Advisory: CVE-2023-41724
A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows an unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.
CVE IDs: CVE-2023-41724
CVSS Base Score: 8.8
Severity: HIGH
CWEs: CWE-77, CWE-94
No detection rules found.
No public exploits indexed.
Checkpoint
25th March – Threat Intelligence Report
blogs_checkpoint·2024-03-25
CVE-2024-29943 25th March – Threat Intelligence Report
## 25th March – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 25th March, please download our Threat_Intelligence Bulletin.
TOP ATTACKS AND BREACHES
Japanese tech company Fujitsu discovered malware on its work computers, risking exposure of customer data. The company, a leading IT firm, detected unauthorized access that potentially allowed personal and customer information to be illicitly extracted. Immediate actions included isolating affected computers and enhancing mon
Bleepingcomputer
Ivanti fixes critical Standalone Sentry bug reported by NATO
blogs_bleepingcomputer·2024-03-20·CVSS 8.8
CVE-2023-41724 [HIGH] Ivanti fixes critical Standalone Sentry bug reported by NATO
## Ivanti fixes critical Standalone Sentry bug reported by NATO
By Sergiu Gatlan
Ivanti warned customers to immediately patch a critical severity Standalone Sentry vulnerability reported by NATO Cyber Security Centre researchers.
Standalone Sentry is deployed as an organization's Kerberos Key Distribution Center Proxy (KKDCP) server or as a gatekeeper for ActiveSync-enabled Exchange and SharePoint servers.
Tracked as CVE-2023-41724, the security flaw impacts all supported versions and it allows unauthenticated bad actors within the same physical or logical network to execute arbitrary commands in low-complexity attacks.
Ivanti also fixed a second critical vulnerability (CVE-2023-46808) in its Neurons for ITSM IT service management solution that enables remote threat actors with acc