CVE-2023-38035

CRITICAL KEV RANSOMWARE NUCLEI

Ivanti Sentry MICSLogService Auth Bypass resulting in RCE (CVE-2023-38035)

Title source: metasploit

Description

A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.

Exploits (5)

nomisec WORKING POC 40 stars
by horizon3ai · remote
https://github.com/horizon3ai/CVE-2023-38035
nomisec WORKING POC 7 stars
by LeakIX · remote
https://github.com/LeakIX/sentryexploit
nomisec WORKING POC 1 stars
by mind2hex · poc
https://github.com/mind2hex/CVE-2023-38035-MobileIron-RCE
vulncheck_xdb WORKING POC
remote
https://github.com/mind2hex/MICS_Hunter
metasploit WORKING POC EXCELLENT
by Zach Hanley, James Horseman, jheysel-r7 · rubypoclinux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/ivanti_sentry_misc_log_service.rb

Nuclei Templates (1)

Ivanti Sentry - Authentication Bypass
CRITICALVERIFIEDby DhiyaneshDk,iamnoooob,rootxharsh
Shodan: html:"Note: Requires a local Sentry administrative user" || http.html:"note: requires a local sentry administrative user"
FOFA: body="note: requires a local sentry administrative user"

References (3)

Scores

CVSS v3 9.8
EPSS 0.9442
EPSS Percentile 100.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2023-08-22
VulnCheck KEV 2023-08-22
InTheWild.io 2023-08-21
ENISA EUVD EUVD-2023-41862
Ransomware Use Confirmed
CWE
CWE-863
Status published
Products (1)
ivanti/mobileiron_sentry < 9.18.0
Published Aug 21, 2023
KEV Added Aug 22, 2023
Tracked Since Feb 18, 2026