Ivanti fixes critical Standalone Sentry bug reported by NATO

Ivanti warned customers to immediately patch a critical severity Standalone Sentry vulnerability reported by NATO Cyber Security Centre researchers.

Standalone Sentry is deployed as an organization's Kerberos Key Distribution Center Proxy (KKDCP) server or as a gatekeeper for ActiveSync-enabled Exchange and Sharepoint servers.

Tracked as CVE-2023-41724, the security flaw impacts all supported versions and it allows unauthenticated bad actors within the same physical or logical network to execute arbitrary commands in low-complexity attacks.

Ivanti also fixed a second critical vulnerability (CVE-2023-46808) in its Neurons for ITSM IT service management solution that enables remote threat actors with access to an account with low privileges to execute commands "in the context of web application's user."

While this patch has already been applied to all Ivanti Neurons for ITSM Cloud landscapes, on-premises deployments are still vulnerable to potential attacks.

The company added that it found no evidence that these two security vulnerabilities are being exploited in the wild.

"There is a patch available now via the standard download portal. We strongly encourage customers to act immediately to ensure they are fully protected," Ivanti said.

"We are not aware of any customers being exploited by this vulnerability at the time of disclosure."

​Ivanti devices under attack

Since the start of the year, nation-state actors have exploited multiple Ivanti vulnerabilities as zero-days (i.e., CVE-2023-46805, CVE-2024-21887, CVE-2024-22024, and CVE-2024-21893) before a wide range of threat actors started leveraging them at a larger scale to deploy various custom malware strains.

Last month, over 13,000 Ivanti Connect Secure and Policy Secure endpoints were still vulnerable to attacks targeting the same security bugs.

One month earlier, CISA issued this year's first emergency directive ordering federal agencies to immediately secure their Ivanti Connect Secure and Policy Secure systems against zero-day flaws targeted in widespread attacks.

The U.S. cybersecurity agency amended the emergency directive roughly two weeks later to order the agencies to disconnect all vulnerable Ivanti VPN appliances as soon as possible and rebuild them with patched software before bringing them back online.

Several suspected Chinese threat groups used another Connect Secure zero-day tracked as CVE-2021-22893 three years ago to breach dozens of government, defense, and financial organizations across Europe and the United States.