CVE-2023-41724: 
Ivanti MobileIron Sentry vulnerability analysis and mitigation

A critical command injection vulnerability (CVE-2023-41724) was discovered in Ivanti Standalone Sentry, affecting versions prior to 9.19.0. The vulnerability was reported by researchers from the NATO Cybersecurity Centre. Ivanti Standalone Sentry is an appliance that functions as a gateway between devices and ActiveSync-enabled email servers or backend resources, and can also be configured as a Kerberos Key Distribution Center Proxy (KKDCP) server (Helpnet Security).

CVE-2023-41724 has been assigned a CVSS score of 9.6 (Critical) with the vector CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. The vulnerability allows an unauthenticated threat actor within the same physical or logical network to execute arbitrary commands on the appliance's operating system. Notably, threat actors without a valid TLS client certificate enrolled through EPMM cannot directly exploit this issue on the Internet (Ivanti Blog).

If successfully exploited, the vulnerability enables attackers to execute arbitrary commands on the underlying operating system of the Ivanti Standalone Sentry appliance, potentially leading to complete system compromise. The vulnerability affects all supported versions (9.17.0, 9.18.0, and 9.19.0) as well as older, unsupported versions (SOCRadar).

Ivanti has released patches to address the vulnerability. Users of supported versions should update to versions 9.17.1, 9.18.1, or 9.19.1. Organizations running versions older than 9.17.0 are advised to upgrade to a supported version and then apply the appropriate patch. The patches are available through Ivanti's standard download portal (Ivanti Blog).

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert urging users and administrators to patch these critical vulnerabilities, emphasizing the potential for threat actors to exploit them and gain control of affected systems (SOCRadar).