CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
100.0%
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
Note that Nessus has not tested for these issues but has instead relied only on the serviceβs self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(180172);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/28");
script_cve_id("CVE-2023-38035");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2023/09/12");
script_xref(name:"CEA-ID", value:"CEA-2023-0040");
script_name(english:"Ivanti Sentri Authentication Bypass (CVE-2023-38035)");
script_set_attribute(attribute:"synopsis", value:
"Ivanti Sentry, running on the remote host is affected by a authentication bypass vulnerability.");
script_set_attribute(attribute:"description", value:
"A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an
attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache
HTTPD configuration.
Note that Nessus has not tested for these issues but has instead relied only on the service's self-reported version
number.");
# https://forums.ivanti.com/s/article/KB-API-Authentication-Bypass-on-Sentry-Administrator-Interface-CVE-2023-38035
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f6bf8d40");
script_set_attribute(attribute:"solution", value:
"Update to Ivanti Sentry version 9.16.0a, 9.17.0a, 9.18.0a or later");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-38035");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Ivanti Sentry MICSLogService Auth Bypass resulting in RCE (CVE-2023-38035)');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/08/21");
script_set_attribute(attribute:"patch_publication_date", value:"2023/08/21");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/08/24");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ivanti:sentry");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ivanti_sentry_detect.nbin");
script_require_keys("installed_sw/Ivanti Sentry");
exit(0);
}
include('vcf.inc');
var app_info = vcf::get_app_info(app:'Ivanti Sentry');
if (!empty_or_null(app_info['mi-mics package version']))
app_info.parsed_version = vcf::parse_version(app_info['mi-mics package version']);
else
app_info.parsed_version = vcf::parse_version(app_info.version);
var constraints = [
# Advisory states "older versions are also at risk"
{ 'min_version':'0.0', 'fixed_version':'9.16.0a' },
{ 'min_version':'9.17.0', 'fixed_version':'9.17.0a' },
{ 'min_version':'9.18.0', 'fixed_version':'9.18.0a' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
100.0%