CVE-2023-38035: 
Ivanti MobileIron Sentry vulnerability analysis and mitigation

A critical authentication bypass vulnerability (CVE-2023-38035) was discovered in Ivanti MobileIron Sentry's MICS Admin Portal affecting versions 9.18.0 and below. The vulnerability stems from an insufficiently restrictive Apache HTTPD configuration that could allow attackers to bypass authentication controls on the administrative interface (Tenable Blog, Ivanti Blog). The vulnerability was discovered and reported by researchers at mnemonic, and was disclosed on August 21, 2023.

The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (Critical) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The flaw exists in the MobileIron Configuration Service (MICS) Admin Portal, which is accessible by default on TCP port 8443. The vulnerability allows unauthenticated attackers to access sensitive APIs used for configuring Ivanti Sentry, potentially leading to system command execution with root privileges (Tenable Blog, Horizon3 Blog).

If successfully exploited, this vulnerability allows attackers to perform various malicious actions including modifying system configurations, executing system commands as root, and writing files to disk. The vulnerability provides complete control over the affected system, potentially compromising the entire security infrastructure (Tenable Blog).

Ivanti has released RPM Package Manager scripts for supported versions (9.18, 9.17, and 9.16) to address this vulnerability. Users running version 9.15 and below must first upgrade to a supported version before applying the relevant RPM script. As a temporary mitigation, organizations are advised to ensure that port 8443 is not internet-accessible by implementing firewall rules to block external access (Ivanti Blog).