PT-2024-2244 · Ivanti · Ivanti Standalone Sentry
Published: 2024-03-18 · Updated: 2024-08-01 · CVE-2023-41724
CVSS v3.1: 9.6 (Critical)
Vector: AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Ivanti Standalone Sentry versions prior to 9.19.0
Description
The issue is a command injection vulnerability that allows an unauthenticated threat actor within the same physical or logical network to execute arbitrary commands on the underlying operating system of the appliance. Attackers can exploit this to gain full control of affected systems. The vulnerability was reported by NATO Cyber Security Center researchers.
Recommendations
For versions prior to 9.17.1, 9.18.1, and 9.19.1, update to the respective patched versions (9.17.1, 9.18.1, or 9.19.1) to resolve the issue.
As a temporary workaround, consider restricting access to the vulnerable system until a patch is applied.
Fix
Unrestricted File Upload
Code Injection
OS Command Injection
Command Injection
Affected Products
Ivanti Standalone Sentry