CVE-2023-38035 Ivanti CVE debrief

Who should care

Administrators and operators of Ivanti Sentry, vulnerability management teams, incident responders, and security teams responsible for externally reachable or mission-critical Ivanti deployments.

Technical summary

The supplied corpus identifies the issue as an authentication bypass in Ivanti Sentry, specifically tied to the administrator interface. The corpus does not provide deeper exploit mechanics, affected versions, or a CVSS score, so this debrief is limited to the verified advisory and KEV metadata.

Defensive priority

Critical. This CVE is in CISA’s Known Exploited Vulnerabilities catalog, has known ransomware campaign use, and CISA’s required action is to apply vendor mitigations or discontinue use of the product if mitigations are unavailable.

Recommended defensive actions

• Apply vendor-provided mitigations immediately.
• If mitigations are unavailable, discontinue use of the product as directed by CISA.
• Prioritize identification of all Ivanti Sentry deployments in your environment.
• Review vendor guidance and any affected-system notices associated with CVE-2023-38035.
• Investigate for suspicious authentication activity or unexpected administrative access on Sentry systems.
• Track remediation against the CISA KEV due date of 2023-09-12.

Evidence notes

Source metadata states: vendor project Ivanti, product Sentry, vulnerability name "Ivanti Sentry Authentication Bypass Vulnerability," known ransomware campaign use: Known, and required action: "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable." CISA KEV dates supplied in the corpus are dateAdded 2023-08-22 and dueDate 2023-09-12.

Official resources