March 21, 2024 at 09:45AM
IT software company Ivanti has released patches for critical-severity vulnerabilities in Standalone Sentry and Neurons for ITSM that pose remote code execution and file write risks. Unauthenticated attackers can exploit the Standalone Sentry bug to execute commands, while authenticated remote users can perform file writes to the ITSM server. Users are advised to apply the available patches promptly.
Key takeaways:
– Ivanti has released patches for two critical-severity vulnerabilities in Standalone Sentry and Neurons for ITSM that could lead to command execution.
– The Standalone Sentry vulnerability, tracked as CVE-2023-41724 (CVSS score of 9.6), is a remote code execution issue that allows unauthenticated attackers to execute arbitrary commands.
– The issue affects all supported iterations of Standalone Sentry, and users of older releases are advised to upgrade to a supported version.
– The Ivanti Neurons for ITSM vulnerability, tracked as CVE-2023-46808 (CVSS score of 9.9), is described as a file write issue that can be exploited remotely. It affects supported versions of Neurons for ITSM, and all Ivanti Neurons for ITSM cloud landscapes have been patched against the flaw.
– Standalone Sentry and Ivanti Neurons for ITSM users are advised to download the available patches via their respective download portals.
– While both vulnerabilities were identified towards the end of 2023, Ivanti did not disclose them until a fix was available, to ensure that customers have the tools they need to protect their environment.
– Ivanti customers are encouraged to apply the available patches as soon as possible, as vulnerabilities in the company’s products are often targeted in attacks.